Vulnerability Description
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 14.04 |
| Apport Project | Apport | - |
Related Weaknesses (CWE)
References
- https://launchpad.net/bugs/1862348ExploitThird Party Advisory
- https://usn.ubuntu.com/4315-1/Third Party Advisory
- https://usn.ubuntu.com/4315-2/Third Party Advisory
- https://launchpad.net/bugs/1862348ExploitThird Party Advisory
- https://usn.ubuntu.com/4315-1/Third Party Advisory
- https://usn.ubuntu.com/4315-2/Third Party Advisory
FAQ
What is CVE-2020-8831?
CVE-2020-8831 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), ...
How severe is CVE-2020-8831?
CVE-2020-8831 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8831?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Apport Project Apport.