Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: canonical
Published: 2020-04-22T21:15:18.418314Z
Updated: 2024-09-16T19:00:55.009Z
Reserved: 2020-02-10T00:00:00
Link: CVE-2020-8831
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-04-22T22:15:12.513
Modified: 2024-11-21T05:39:31.667
Link: CVE-2020-8831
Redhat
No data.