CVE-2020-12050

HIGH

Opensuse Backports Sle - Race Condition

Title source: rule

Description

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.

Exploits (1)

github WORKING POC 4 stars

by tnpitsecurity · poc

https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2020-12050

View Code ZIP pw:eip

References (9)

[Third Party Advisory] https://sysdream.com/news/lab/

[Vendor Advisory] http://www.ch-werner.de/sqliteodbc/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PR6B33IGBADGYDBTEEU36OGERER2HOGQ/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXPHBDVB3LAQUQJCZ4WIS3JWM7JFR56X/

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1825762

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDS5RK7F47BRXHUYRWGMGLYU2GJEVZQA/

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00013.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00026.html

[Various Sources] https://sysdream.com/news/lab/2020-05-25-cve-2020-12050-fedora-red-hat-centos-local-privilege-escalation-through-a-race-condition-in-the-sqliteodbc-installer-script/

Scores

CVSS v3 7.0

EPSS 0.0009

EPSS Percentile 25.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362

Status published

Products (5)

fedoraproject/fedora 30

fedoraproject/fedora 31

fedoraproject/fedora 32

opensuse/backports_sle 15.0 sp1

sqliteodbc_project/sqliteodbc 0.9996

Published Apr 30, 2020

Tracked Since Feb 18, 2026