CVE-2020-8831 Information

Description

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs) it will create the directory otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport changing apport’s lock file location. This file could then be used to escalate privileges for example. Fixed in versions 2.20.1-0ubuntu2.23 2.20.9-0ubuntu7.14 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Reference

https://launchpad.net/bugs/1862348 https://usn.ubuntu.com/4315-1/ https://usn.ubuntu.com/4315-2/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

5.5