CVE Vulnerabilities

CVE-2020-15702

Time-of-check Time-of-use (TOCTOU) Race Condition

Published: Aug 06, 2020 | Modified: Jan 27, 2023
CVSS 3.x: 7 HIGH
Source: NVD
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x: 4.4 MEDIUM
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

A TOCTOU race condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Previously tracked as ZDI-CAN-11234.

Weakness

The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

Affected Software

Name Vendor Start Version End Version
Apport Canonical 2.20.11-0ubuntu8 2.20.11-0ubuntu8
Apport Canonical 2.20.11-0ubuntu9 2.20.11-0ubuntu9
Apport Canonical 2.20.11-0ubuntu10 2.20.11-0ubuntu10
Apport Canonical 2.20.11-0ubuntu11 2.20.11-0ubuntu11
Apport Canonical 2.20.11-0ubuntu12 2.20.11-0ubuntu12
Apport Canonical 2.20.11-0ubuntu13 2.20.11-0ubuntu13
Apport Canonical 2.20.11-0ubuntu14 2.20.11-0ubuntu14
Apport Canonical 2.20.11-0ubuntu15 2.20.11-0ubuntu15
Apport Canonical 2.20.11-0ubuntu16 2.20.11-0ubuntu16
Apport Canonical 2.20.11-0ubuntu17 2.20.11-0ubuntu17
Apport Canonical 2.20.11-0ubuntu18 2.20.11-0ubuntu18
Apport Canonical 2.20.11-0ubuntu19 2.20.11-0ubuntu19
Apport Canonical 2.20.11-0ubuntu20 2.20.11-0ubuntu20
Apport Canonical 2.20.11-0ubuntu21 2.20.11-0ubuntu21
Apport Canonical 2.20.11-0ubuntu22 2.20.11-0ubuntu22
Apport Canonical 2.20.11-0ubuntu23 2.20.11-0ubuntu23
Apport Canonical 2.20.11-0ubuntu24 2.20.11-0ubuntu24
Apport Canonical 2.20.11-0ubuntu25 2.20.11-0ubuntu25
Apport Canonical 2.20.11-0ubuntu26 2.20.11-0ubuntu26
Apport Canonical 2.20.11-0ubuntu27 2.20.11-0ubuntu27
Apport Canonical 2.20.11-0ubuntu27.2 2.20.11-0ubuntu27.2
Apport Canonical 2.20.11-0ubuntu27.3 2.20.11-0ubuntu27.3
Apport Canonical 2.20.11-0ubuntu27.4 2.20.11-0ubuntu27.4
Apport Canonical 2.20.11-0ubuntu27.5 2.20.11-0ubuntu27.5
