ALT-PU-2020-3462-1
Package sqliteodbc updated to version 0.9996-alt3 for branch p9 in task 262190.
Closed vulnerabilities
Published: 2020-04-30
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-12050
SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.
Severity: HIGH (7.0)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2020:0612
- openSUSE-SU-2020:0628
- http://www.ch-werner.de/sqliteodbc/
- https://bugzilla.redhat.com/show_bug.cgi?id=1825762
- FEDORA-2020-df7c647fa3
- FEDORA-2020-1e85425a52
- FEDORA-2020-c98c7da2f6
- https://sysdream.com/news/lab/
- https://sysdream.com/news/lab/2020-05-25-cve-2020-12050-fedora-red-hat-centos-local-privilege-escalation-through-a-race-condition-in-the-sqliteodbc-installer-script/
- openSUSE-SU-2020:0612
- https://sysdream.com/news/lab/2020-05-25-cve-2020-12050-fedora-red-hat-centos-local-privilege-escalation-through-a-race-condition-in-the-sqliteodbc-installer-script/
- https://sysdream.com/news/lab/
- FEDORA-2020-c98c7da2f6
- FEDORA-2020-1e85425a52
- FEDORA-2020-df7c647fa3
- https://bugzilla.redhat.com/show_bug.cgi?id=1825762
- http://www.ch-werner.de/sqliteodbc/
- openSUSE-SU-2020:0628