CVE-2020-5798: 
NixOS vulnerability analysis and mitigation

CVE-2020-5798 is a privilege escalation vulnerability affecting Druva inSync Client installer for macOS versions 6.8.0 and prior, discovered in September 2020 and disclosed in December 2020. The vulnerability allows an attacker to gain root user privileges from a lower privileged user account due to improper integrity checks and directory permissions in the installer package (Tenable Research).

The vulnerability exists in the installation package's postinstall script where the LaunchDaemon scripts' integrity is improperly checked. The plists used for these daemons are generated in a user-writable directory instead of an installer sandbox or privileged directory, allowing a lower-privileged user to overwrite these files during installation. These files subsequently launch the daemons with root privileges. The vulnerability has a CVSSv3 Base Score of 9.3 and Temporal Score of 8.6 with the vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (Tenable Research).

If exploited, this vulnerability allows an attacker to escalate privileges from a normal user to root, potentially gaining complete control over the affected system. The high CVSS score reflects the severe potential impact on system confidentiality, integrity, and availability (Tenable Research).

Druva addressed this vulnerability by releasing a fixed installer on December 4, 2020. Users should upgrade to versions newer than v6.8.0 of the Druva inSync Client for macOS (Tenable Research).