CVE-2020-36394
📋 TL;DR
pam_setquota is a PAM session module that sets the logging-in user's disk quota on the filesystem holding that user's home directory, which it locates through the mount table. Before the fix of 2020-05-29, a local user whose home directory is a FUSE filesystem mounted under /home controls that mount entry, so the module can be made to apply the quota to an arbitrary filesystem instead of the real home filesystem. Affected systems are those that load an unfixed pam_setquota and let unprivileged users mount FUSE filesystems under /home.
💻 Affected Systems
- Linux-PAM pam_setquota module
📦 What is this software?
pam_setquota, by the pam_setquota project (the vendor name used in the CVE record). It is a PAM session module that sets a user's disk quota at login, useful where home directories are created on first login. It started as a standalone module and was merged into Linux-PAM ahead of the 1.4.0 release, which is where the fix landed.
⚠️ Risk & Real-World Impact
Worst Case
A local user can have their own quota set on a filesystem of their choosing (any filesystem with quotas enabled), for instance to lift the limit they were meant to have on a shared volume, and then fill it; on /var, /tmp or another shared filesystem that is a denial of service for every other user and service. The module sets quotas only for the authenticating user's own UID, so other users' limits are not changed directly.
Likely Case
Local users bypass quota restrictions on filesystems they shouldn't control, potentially consuming excessive disk resources or interfering with other users' quotas.
If Mitigated
If pam_setquota is not loaded, or unprivileged users cannot mount FUSE filesystems under /home, the bug is unreachable. Even where it is exploitable, pam_setquota is a session module, not an authentication module, so the impact stays at quota manipulation: no authentication bypass and no privilege escalation by itself.
🎯 Exploit Status
Exploitation requires a local account, a PAM stack that loads pam_setquota, and the ability to mount a FUSE filesystem under /home (normally via the setuid-root fusermount helper). The issue and how it arises were disclosed publicly on oss-security (link under Official Fix).
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux-PAM 1.4.0 or later (the fix commit is dated 2020-05-29 and predates that release); for a standalone pam_setquota build, a source revision from 2020-05-29 or later
Vendor Advisory: https://seclists.org/oss-sec/2020/q2/169
Restart Required: No (the module is loaded afresh at each new login; existing sessions are unaffected)
Instructions:
1. Upgrade the Linux-PAM package (pam on RPM-based distributions, libpam-modules on Debian/Ubuntu) to a build containing the 2020-05-29 fix: upstream 1.4.0 or later, or a distribution build whose changelog names CVE-2020-36394.
2. If pam_setquota was installed from the standalone project rather than from Linux-PAM, rebuild it from a revision dated 2020-05-29 or later, or switch to the Linux-PAM copy, and make sure /etc/pam.d references the updated module file.
3. Check the distribution's security advisories, since some backport the fix to older package versions.
4. Confirm the result with the checks under How to Verify.
🔧 Temporary Workarounds
Disable pam_setquota module
Remove or comment out pam_setquota from the PAM configuration (Linux). The module file lives in the distribution's PAM module directory, such as /lib/security, /lib/x86_64-linux-gnu/security or /usr/lib64/security.
# Find where it is referenced:
# grep -rn pam_setquota /etc/pam.d/
# Comment out the matching line (typically in /etc/pam.d/common-session or system-auth), e.g.:
# #session optional pam_setquota.so
Restrict FUSE mounts
Prevent unprivileged users from mounting FUSE filesystems under /home (Linux). Unprivileged FUSE mounts go through the setuid-root helper fusermount (fusermount3 for FUSE 3); dropping its setuid bit, or limiting execution to a trusted group, removes the precondition. Note that user_allow_other in /etc/fuse.conf only controls whether users may pass the allow_other option; it does not stop them mounting. Either change also disables legitimate user mounts such as sshfs and AppImages.
# Remove the setuid bit (no unprivileged FUSE mounts at all):
# chmod u-s /usr/bin/fusermount /usr/bin/fusermount3
# Or allow only members of a trusted group (group name is an example):
# chgrp fuse-admins /usr/bin/fusermount3 && chmod 4750 /usr/bin/fusermount3
🧯 If You Can't Patch
- Disable pam_setquota in the PAM configuration, or remove unprivileged users' ability to mount FUSE filesystems (see the workarounds above)
- Audit quotactl and mount syscalls and alert on quota changes that target any filesystem other than the home filesystem
🔍 How to Verify
Check if Vulnerable:
All three of the following must hold: pam_setquota is referenced in the PAM configuration (grep -rn pam_setquota /etc/pam.d/); the module predates the 2020-05-29 fix (see Check Version); and unprivileged users can mount FUSE filesystems (a setuid-root fusermount or fusermount3 they may execute, plus access to /dev/fuse).
Check Version:
The fix date cannot be read reliably out of the module binary, so go by the package that installed it: dpkg -s libpam-modules | grep Version on Debian/Ubuntu, rpm -q pam on RPM-based distributions. Linux-PAM 1.4.0 and later ship the fixed module; an older Linux-PAM has no pam_setquota of its own, so a pam_setquota.so alongside an older version came from the standalone project and must be checked against its source revision date. Distributions may also backport the fix, so check the package changelog (rpm -q --changelog pam | grep -i CVE-2020-36394, or the Debian changelog under /usr/share/doc/libpam-modules/).
Verify Fix Applied:
The installed Linux-PAM is 1.4.0 or later, or its changelog names CVE-2020-36394, and grep -rn pam_setquota /etc/pam.d/ either matches nothing or points at the updated module.
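The three conditions above as one added shell script (example code, not from the page, Linux-PAM or the pam_setquota project). It encodes the version rule given above (Linux-PAM 1.4.0 or later carries the fix; older Linux-PAM has no pam_setquota, so a module found there comes from the standalone project and must be checked by source date), reads the PAM configuration and the mount table in their native formats, and treats the fsname of a FUSE mount as attacker-chosen because FUSE's fsname= mount option lets the mounting user set it. The PAM lines and mount-table entries in the block are constructed samples, not taken from a real host.

```shell
#!/bin/sh
# Added example (not from Linux-PAM or the pam_setquota project): three checks
# for CVE-2020-36394 exposure. The two file-reading checks take their input on
# stdin, so they run on the live system (cat /etc/pam.d/* | ..., and
# ... < /proc/self/mounts) as well as on the constructed samples below.

# Constructed PAM config and mount-table samples (not from a real host).
SAMPLE_PAM='session required pam_unix.so
session required pam_setquota.so startuid=1000 fs=/home
# session optional pam_setquota.so'
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw 0 0
/dev/sda2 /home ext4 rw,usrquota 0 0
/dev/sda1 /home/mallory fuse.sshfs rw,nosuid,nodev,user_id=1001 0 0
myfs /home/alice/mnt fuse rw,user_id=1000 0 0
backup /mnt/backup fuse.sshfs rw 0 0'

# 1. Active "session" lines that load pam_setquota (commented lines ignored).
#    Prints them; exit status 0 if any were found, 1 if none.
pam_setquota_configured() {
    grep -E '^[[:space:]]*session[[:space:]].*pam_setquota\.so'
}

# 2. Does a Linux-PAM version string carry the fix? pam_setquota is part of
#    Linux-PAM from 1.4.0 on and the 2020-05-29 fix predates that release, so
#    1.4.0 or later is fixed. Anything older either has no pam_setquota at all
#    or a copy from the standalone project (check its source date), and a
#    distribution may have backported the fix (check its changelog).
#    Accepts package-style strings such as "1.5.2-6"; returns 0 fixed, 1 not.
linux_pam_fixed() {
    major=$(printf '%s' "$1" | cut -d. -f1)
    minor=$(printf '%s' "$1" | cut -d. -f2)
    minor=${minor%%[!0-9]*}          # drop suffixes like "-6" or "_p1"
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    case "$minor" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] && [ "$minor" -ge 4 ] && return 0
    return 1
}

# 3. FUSE filesystems mounted at or below /home, read in /proc/self/mounts
#    format (fsname mountpoint fstype options ...). A user-owned FUSE mount here
#    is the precondition for the bug. Its fsname is chosen by the mounting user
#    (FUSE's fsname= option); one that names a block device is flagged, since
#    the device name of the home mount is what the module hands to quotactl().
#    Output: mountpoint fstype fsname flag
fuse_mounts_under_home() {
    awk '$2 ~ /^\/home(\/|$)/ && $3 ~ /^fuse/ {
            flag = ($1 ~ /^\/dev\//) ? "DEVICE-LIKE-FSNAME" : "ok"
            print $2, $3, $1, flag
         }'
}
```

On a live host run `cat /etc/pam.d/* | pam_setquota_configured`, `linux_pam_fixed "$(rpm -q --qf '%{VERSION}' pam)"` (or the version from `dpkg -s libpam-modules`), and `fuse_mounts_under_home < /proc/self/mounts`; the system is exposed only if the first check finds lines, the second returns 1 and the third prints anything.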
📡 Detection & Monitoring
Log Indicators:
- pam_setquota error messages in the auth log (the module reports failures via syslog); quota-setting failures at login on a host where it normally succeeds are worth a look
- With auditd: quotactl syscall events (rule -a always,exit -F arch=b64 -S quotactl -k quota) whose PATH record names a device other than the home filesystem's
- mount syscall events for a fuse-type filesystem at or below /home, followed by a quotactl event in the same login
Network Indicators:
- None - local attack only
SIEM Query:
Alert on audit events with key "quota" whose PATH record is not one of the devices expected to carry home-directory quotas; correlate with FUSE mount events under /home, and compare against a periodic repquota -a baseline to spot quota values no administrator set.
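The detection logic above as an added shell example (not from the page or from Linux-PAM). It assumes auditd is running with the two auditctl rules shown in the comments, that the kernel records the device argument of quotactl() as a PATH record of the same audit event (it looks the path up, so the lookup is audited), and that the administrator knows which device legitimately carries home-directory quotas. The audit records in the block are constructed in `ausearch --raw` style, not captured from a real system.

```shell
#!/bin/sh
# Added example (not part of the page or of Linux-PAM): flag quotactl() calls
# that target a device other than the ones expected to carry home-directory
# quotas. Assumed auditd rules (standard auditctl syntax; the key names are
# arbitrary and chosen here):
#   -a always,exit -F arch=b64 -S quotactl -k quota
#   -a always,exit -F arch=b64 -S mount    -k mount
# With the first rule every quotactl() yields one audit event, i.e. one
# msg=audit(ts:serial) id shared by a SYSCALL record and, because the kernel
# looks the device path up, a PATH record naming that device.

# Constructed sample in `ausearch -k quota --raw` style (not real logs).
# Event 101: a normal login, the PAM stack sets the user's quota on the /home
# device. Event 102: the same code path pointed at the root device instead.
SAMPLE_AUDIT='type=SYSCALL msg=audit(1590700000.101:101): arch=c000003e syscall=179 success=yes exit=0 a0=80000701 a1=55d1 a2=3e8 a3=7ffd items=1 ppid=1 pid=2001 auid=1000 uid=0 gid=0 euid=0 comm="sshd" exe="/usr/sbin/sshd" key="quota"
type=PATH msg=audit(1590700000.101:101): item=0 name="/dev/sda2" inode=1234 dev=00:06 mode=060660 ouid=0 ogid=6 nametype=NORMAL
type=SYSCALL msg=audit(1590700000.102:102): arch=c000003e syscall=179 success=yes exit=0 a0=80000701 a1=55d1 a2=3e9 a3=7ffd items=1 ppid=1 pid=2002 auid=1001 uid=0 gid=0 euid=0 comm="sshd" exe="/usr/sbin/sshd" key="quota"
type=PATH msg=audit(1590700000.102:102): item=0 name="/dev/sda1" inode=1233 dev=00:06 mode=060660 ouid=0 ogid=6 nametype=NORMAL'

# unexpected_quota_targets "DEV [DEV ...]" < records
# Joins the SYSCALL and PATH records of each event by serial and prints
# "serial auid device" for every quota event whose device is not in the
# space-separated allowlist. Reads stdin, so it can be fed either the sample
# above or the live output of `ausearch -k quota --raw`.
unexpected_quota_targets() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # event serial from msg=audit(ts:serial):
        { match($0, /:[0-9]+\)/); serial = substr($0, RSTART + 1, RLENGTH - 2) }
        /^type=SYSCALL / && /key="quota"/ {
            match($0, /auid=[0-9]+/); auid[serial] = substr($0, RSTART + 5, RLENGTH - 5)
        }
        /^type=PATH / {
            match($0, /name="[^"]*"/); dev[serial] = substr($0, RSTART + 6, RLENGTH - 7)
        }
        END {
            for (s in auid)
                if ((s in dev) && !(dev[s] in ok))
                    print s, auid[s], dev[s]
        }' | sort -n
}
```

On a fixed system every login's quotactl() should land on the home filesystem's device, so any line this prints (`ausearch -k quota --raw | unexpected_quota_targets /dev/sda2`, with the device adjusted to the host) is a quota set somewhere unexpected and deserves a look at the matching mount events for that login.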