CVE-2020-15704
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical | ppp | 2.4.5 < 2.4.5-5ubuntu1.4 | affected |
| Canonical | ppp | 2.4.7 < 2.4.7-1+2ubuntu1.16.04.3 | affected |
Weaknesses
- CWE-200: CWE-200 Information Exposure
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.