CVE Vulnerabilities

CVE-2020-8831

Creation of Temporary File in Directory with Insecure Permissions

Published: Apr 22, 2020 | Modified: Nov 21, 2024
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
HIGH

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apports lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.

Weakness

The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file’s existence or otherwise access that file.

Affected Software

Name Vendor Start Version End Version
Ubuntu_linux Canonical 14.04 (including) 14.04 (including)
Ubuntu_linux Canonical 16.04 (including) 16.04 (including)
Ubuntu_linux Canonical 18.04 (including) 18.04 (including)
Ubuntu_linux Canonical 19.10 (including) 19.10 (including)
Apport Ubuntu bionic *
Apport Ubuntu devel *
Apport Ubuntu eoan *
Apport Ubuntu focal *
Apport Ubuntu trusty *
Apport Ubuntu trusty/esm *
Apport Ubuntu xenial *

Potential Mitigations

References