CVE-2020-8831 - Vulnerability Details - OpenCVE

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apport Project	Apport
Canonical	Ubuntu Linux

Configuration 1 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*

Configuration 2 [-]

cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://launchpad.net/bugs/1862348
https://usn.ubuntu.com/4315-1/
https://usn.ubuntu.com/4315-2/

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2020-04-22T21:15:18.418314Z

Updated: 2024-09-16T19:00:55.009Z

Reserved: 2020-02-10T00:00:00

Link: CVE-2020-8831

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-22T22:15:12.513

Modified: 2024-11-21T05:39:31.667

Link: CVE-2020-8831

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apport", "vendor": "Canonical", "versions": [{"lessThan": "2.20.1-0ubuntu2.23", "status": "affected", "version": "2.20.1", "versionType": "custom"}, {"lessThan": "2.20.9-0ubuntu7.14", "status": "affected", "version": "2.20.9", "versionType": "custom"}, {"changes": [{"at": "2.20.11-0ubuntu22", "status": "unaffected"}], "lessThan": "2.20.11-0ubuntu8.8", "status": "affected", "version": "2.20.11", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Maximilien Bourgeteau"}], "datePublic": "2020-04-02T00:00:00", "descriptions": [{"lang": "en", "value": "Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-379", "description": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-24T20:06:02", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/bugs/1862348"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://usn.ubuntu.com/4315-1/"}, {"name": "USN-4315-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4315-2/"}], "source": {"advisory": "https://usn.ubuntu.com/4315-1/", "defect": ["https://launchpad.net/bugs/1862348"], "discovery": "EXTERNAL"}, "title": "World writable root owned lock file created in user controllable location", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2020-04-02T03:04:00.000Z", "ID": "CVE-2020-8831", "STATE": "PUBLIC", "TITLE": "World writable root owned lock file created in user controllable location"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apport", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "2.20.1", "version_value": "2.20.1-0ubuntu2.23"}, {"platform": "", "version_affected": "<", "version_name": "2.20.9", "version_value": "2.20.9-0ubuntu7.14"}, {"platform": "", "version_affected": "<", "version_name": "2.20.11", "version_value": "2.20.11-0ubuntu8.8"}, {"platform": "", "version_affected": "<", "version_name": "2.20.11", "version_value": "2.20.11-0ubuntu22"}]}}]}, "vendor_name": "Canonical"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Maximilien Bourgeteau"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/bugs/1862348", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/1862348"}, {"name": "https://usn.ubuntu.com/4315-1/", "refsource": "CONFIRM", "url": "https://usn.ubuntu.com/4315-1/"}, {"name": "USN-4315-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4315-2/"}]}, "solution": [], "source": {"advisory": "https://usn.ubuntu.com/4315-1/", "defect": ["https://launchpad.net/bugs/1862348"], "discovery": "EXTERNAL"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:12:10.889Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/bugs/1862348"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://usn.ubuntu.com/4315-1/"}, {"name": "USN-4315-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4315-2/"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2020-8831", "datePublished": "2020-04-22T21:15:18.418314Z", "dateReserved": "2020-02-10T00:00:00", "dateUpdated": "2024-09-16T19:00:55.009Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*", "matchCriteriaId": "47363193-B4DB-4654-BFAC-373426212337", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."}, {"lang": "es", "value": "Apport crea un archivo de bloqueo de tipo world writable con propiedad root en el directorio /var/lock/apport de tipo world writable. Si el directorio apport/ no existe (esto no es raro ya que /var/lock es un tmpfs), crear\u00e1 el directorio, de lo contrario, simplemente continuar\u00e1 la ejecuci\u00f3n usando el directorio existente. Esto permite un ataque de tipo symlink si un atacante creara un enlace simb\u00f3lico en el directorio /var/lock/apport, cambiando la ubicaci\u00f3n del archivo de bloqueo de apport. Este archivo podr\u00eda ser utilizado para escalar privilegios, por ejemplo. Corregido en las versiones 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 y 2.20.11-0ubuntu22."}], "id": "CVE-2020-8831", "lastModified": "2024-11-21T05:39:31.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 4.0, "source": "security@ubuntu.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-22T22:15:12.513", "references": [{"source": "security@ubuntu.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1862348"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4315-1/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4315-2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1862348"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4315-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4315-2/"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-379"}], "source": "security@ubuntu.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}