1214593 – (CVE-2020-21583) VUL-0: CVE-2020-21583: util-linux: hwclock(8) SUID privilege escalation

Bug 1214593 (CVE-2020-21583) - VUL-0: CVE-2020-21583: util-linux: hwclock(8) SUID privilege escalation

Summary: VUL-0: CVE-2020-21583: util-linux: hwclock(8) SUID privilege escalation

Status:	RESOLVED INVALID

Alias:	CVE-2020-21583

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Sascha Weber
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/375965/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-21583:8.4:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-08-24 15:26 UTC by Alexander Bergmann
Modified:	2023-08-24 15:28 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2023-08-24 15:26:57 UTC

CVE-2020-21583

An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated
privlidges or execute arbitrary commands via the path parameter when setting the
date.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21583
https://www.cve.org/CVERecord?id=CVE-2020-21583
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786804
https://packetstormsecurity.com/files/132061/hwclock-Privilege-Escalation.html

Comment 1 Alexander Bergmann 2023-08-24 15:28:04 UTC

The hwclock binary in SLE and openSUSE products has not SUID bit set. Therefore our distributions are not affected by this issue.

This bug was only opened as reference and closed again.