Anolis OS update for idm:DL1 module

Published: 2022-03-04 | Updated: 2025-03-28

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2020-25719
CWE-ID	CWE-362
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Anolis OS Operating systems & Components / Operating system python3-yubico Operating systems & Components / Operating system package or component python3-qrcode-core Operating systems & Components / Operating system package or component python3-qrcode Operating systems & Components / Operating system package or component python3-pyusb Operating systems & Components / Operating system package or component python3-kdcproxy Operating systems & Components / Operating system package or component python3-jwcrypto Operating systems & Components / Operating system package or component python3-ipatests Operating systems & Components / Operating system package or component python3-ipaserver Operating systems & Components / Operating system package or component python3-ipalib Operating systems & Components / Operating system package or component python3-ipaclient Operating systems & Components / Operating system package or component python3-custodia Operating systems & Components / Operating system package or component ipa-server-dns Operating systems & Components / Operating system package or component ipa-server-common Operating systems & Components / Operating system package or component ipa-selinux Operating systems & Components / Operating system package or component ipa-python-compat Operating systems & Components / Operating system package or component ipa-healthcheck-core Operating systems & Components / Operating system package or component ipa-healthcheck Operating systems & Components / Operating system package or component ipa-common Operating systems & Components / Operating system package or component ipa-client-common Operating systems & Components / Operating system package or component custodia Operating systems & Components / Operating system package or component softhsm-devel Operating systems & Components / Operating system package or component softhsm Operating systems & Components / Operating system package or component slapi-nis Operating systems & Components / Operating system package or component opendnssec Operating systems & Components / Operating system package or component ipa-server-trust-ad Operating systems & Components / Operating system package or component ipa-server Operating systems & Components / Operating system package or component ipa-client-samba Operating systems & Components / Operating system package or component ipa-client-epn Operating systems & Components / Operating system package or component ipa-client Operating systems & Components / Operating system package or component bind-dyndb-ldap Operating systems & Components / Operating system package or component
Vendor	OpenAnolis

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Race condition

EUVDB-ID: #VU58095

Risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-25719

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a race condition. A remote administrator can exploit the race and escalate privileges on the system.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

python3-yubico: before 1.3.2-9

python3-qrcode-core: before 5.1-12

python3-qrcode: before 5.1-12

python3-pyusb: before 1.0.0-9

python3-kdcproxy: before 0.4-5

python3-jwcrypto: before 0.5.0-1

python3-ipatests: before 4.9.6-10.0.1

python3-ipaserver: before 4.9.6-10.0.1

python3-ipalib: before 4.9.6-10.0.1

python3-ipaclient: before 4.9.6-10.0.1

python3-custodia: before 0.6.0-3

ipa-server-dns: before 4.9.6-10.0.1

ipa-server-common: before 4.9.6-10.0.1

ipa-selinux: before 4.9.6-10.0.1

ipa-python-compat: before 4.9.6-10.0.1

ipa-healthcheck-core: before 0.7-6

ipa-healthcheck: before 0.7-6

ipa-common: before 4.9.6-10.0.1

ipa-client-common: before 4.9.6-10.0.1

custodia: before 0.6.0-3

softhsm-devel: before 2.6.0-5

softhsm: before 2.6.0-5

slapi-nis: before 0.56.6-4

opendnssec: before 2.1.7-1

ipa-server-trust-ad: before 4.9.6-10.0.1

ipa-server: before 4.9.6-10.0.1

ipa-client-samba: before 4.9.6-10.0.1

ipa-client-epn: before 4.9.6-10.0.1

ipa-client: before 4.9.6-10.0.1

bind-dyndb-ldap: before 11.6-2

CPE2.3

External links

https://anas.openanolis.cn/errata/detail/ANSA-2022:0037

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.