CVE-2020-8831
World writable root owned lock file created in user controllable location
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
Apport crea un archivo de bloqueo de tipo world writable con propiedad root en el directorio /var/lock/apport de tipo world writable. Si el directorio apport/ no existe (esto no es raro ya que /var/lock es un tmpfs), creará el directorio, de lo contrario, simplemente continuará la ejecución usando el directorio existente. Esto permite un ataque de tipo symlink si un atacante creara un enlace simbólico en el directorio /var/lock/apport, cambiando la ubicación del archivo de bloqueo de apport. Este archivo podría ser utilizado para escalar privilegios, por ejemplo. Corregido en las versiones 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 y 2.20.11-0ubuntu22.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-10 CVE Reserved
- 2020-04-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
- CWE-379: Creation of Temporary File in Directory with Insecure Permissions
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://usn.ubuntu.com/4315-1 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://launchpad.net/bugs/1862348 | 2024-09-16 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/4315-2 | 2022-10-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
Apport Project Search vendor "Apport Project" | Apport Search vendor "Apport Project" for product "Apport" | - | - |
Affected
|