CVE-2020-8831: World writable root owned lock file created in user controllable location

First published: Wed Apr 22 2020(Updated: )

Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.

Credit: security@ubuntu.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/type
• agent/weakness
• collector/launchpad-cve
• source/Launchpad
• collector/security-tracker-debian
• source/Debian
• agent/title
• agent/severity
• collector/usn-cve
• source/Ubuntu
• agent/references
• agent/description
• collector/mitre-cve
• source/MITRE
• agent/last-modified-date
• agent/first-publish-date
• agent/event
• agent/trending
• agent/source
• agent/author
• agent/softwarecombine
• agent/tags
• collector/nvd-cve
• source/NVD
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• collector/nvd-index
• vendor/canonical
• canonical/ubuntu
• version/ubuntu/14.04
• version/ubuntu/16.04
• version/ubuntu/18.04
• version/ubuntu/19.10
• vendor/apport project
• canonical/ubuntu python3-apport