CVE-2020-8831
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Summary
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical | Apport | 2.20.1 < 2.20.1-0ubuntu2.23 | affected |
| Canonical | Apport | 2.20.9 < 2.20.9-0ubuntu7.14 | affected |
| Canonical | Apport | 2.20.11 < 2.20.11-0ubuntu8.8 | affected |
Weaknesses
- CWE-379: CWE-379 Creation of Temporary File in Directory with Incorrect Permissions
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.