CVE-2020-8013: 
Linux openSUSE vulnerability analysis and mitigation

CVE-2020-8013 is a UNIX Symbolic Link (Symlink) Following vulnerability that affects the chkstat component in various versions of SUSE Linux Enterprise Server (SLES) products. The vulnerability was discovered in early 2020 and affects how chkstat handles symbolic links when setting permissions (SUSE Security).

The vulnerability occurs when chkstat follows symbolic links it encounters, not just for intermediary directories but also if the file listed in /etc/permissions itself is a link. This behavior leads to setting unintended setuid bits and capabilities on the link targets. The issue specifically affects files from mrsh-rsh-compat and wodim packages, including /usr/bin/cdrecord linking to /usr/bin/wodim in SLE-11-SP3, SLE-12-SP{2,3,4,5}, and /usr/bin/{rsh,rlogin,rcp} linking to /usr/bin/m{rsh,rlogin,rcp} in SLE-12-SP2, SLE-15-SP1 (SUSE Bugzilla).

The vulnerability could result in unintended privilege escalation due to incorrect permission settings on symbolic link targets. This affects system security by potentially granting elevated privileges to files that should not have them (OpenSUSE Security).

SUSE has released security updates to address this vulnerability across multiple product versions. The fix includes updates to the permissions package that correct the symbolic link handling behavior in chkstat. Users are advised to update their systems using the SUSE recommended installation methods like YaST online_update or zypper patch (OpenSUSE Security).