CVE-2020-15704
pppd arbitrary file read information disclosure vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.
El proceso hijo modprobe en el archivo de parche ./debian/patches/load_ppp_generic_if_needed manejó incorrectamente la carga del módulo. Un atacante local que no sea root podría explotar la variable de entorno MODPROBE_OPTIONS para leer archivos root arbitrarios. Corregido en las versiones 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Fue ZDI-CAN-11504
This vulnerability allows local attackers to read arbitrary files on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of environment variables in pppd. The issue results from the lack of proper validation of user-supplied data, which can allow the read of arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-07-14 CVE Reserved
- 2020-08-05 CVE Published
- 2024-07-28 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://ubuntu.com/security/notices/USN-4451-1 | 2021-11-18 | |
| https://ubuntu.com/security/notices/USN-4451-2 | 2021-11-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ppp Search vendor "Canonical" for product "Ppp" | < 2.4.7-1\+ubuntu1.16.04.3 Search vendor "Canonical" for product "Ppp" and version " < 2.4.7-1\+ubuntu1.16.04.3" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Safe
|
| Canonical Search vendor "Canonical" | Ppp Search vendor "Canonical" for product "Ppp" | < 2.4.7-2\+2ubuntu1.3 Search vendor "Canonical" for product "Ppp" and version " < 2.4.7-2\+2ubuntu1.3" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Safe
|
| Canonical Search vendor "Canonical" | Ppp Search vendor "Canonical" for product "Ppp" | < 2.4.7-2\+4.1ubuntu5.1 Search vendor "Canonical" for product "Ppp" and version " < 2.4.7-2\+4.1ubuntu5.1" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Safe
|
| Canonical Search vendor "Canonical" | Ppp Search vendor "Canonical" for product "Ppp" | < 2.4.5-5ubuntu1.4 Search vendor "Canonical" for product "Ppp" and version " < 2.4.5-5ubuntu1.4" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Safe
|
| Canonical Search vendor "Canonical" | Ppp Search vendor "Canonical" for product "Ppp" | < 2.4.5-5.1ubuntu2.3\+esm2 Search vendor "Canonical" for product "Ppp" and version " < 2.4.5-5.1ubuntu2.3\+esm2" | - |
Affected
| in | Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Safe
|