Race Condition Affecting timeshift package, versions <20.03+ds-1


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.07% (36th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Race Condition vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DEBIANUNSTABLE-TIMESHIFT-559471
  • published7 Mar 2020
  • disclosed5 Mar 2020

Introduced: 5 Mar 2020

CVE-2020-10174  (opens in a new tab)
CWE-362  (opens in a new tab)

How to fix?

Upgrade Debian:unstable timeshift to version 20.03+ds-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream timeshift package and not the timeshift package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.

CVSS Base Scores

version 3.1