What is the severity of CVE-2020-8833?

CVE-2020-8833 is classified as a medium severity vulnerability due to its potential for privilege escalation.

How do I fix CVE-2020-8833?

To mitigate CVE-2020-8833, ensure that fs.protected_symlinks is enabled in the system configuration.

Which versions of Ubuntu are affected by CVE-2020-8833?

CVE-2020-8833 affects Ubuntu 14.04, 16.04, 18.04, and 19.10.

What type of vulnerability is CVE-2020-8833?

CVE-2020-8833 is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability.

Can CVE-2020-8833 be exploited remotely?

CVE-2020-8833 requires local access to the system to exploit, making remote exploitation unlikely.

Vulnerability/
CVE-2020-8833

medium

5.6

CWE

362 367

22/4/2020

16/9/2024

CVE-2020-8833: Apport race condition in crash report permissions

First published: Wed Apr 22 2020(Updated: )

Last updated 24 July 2024

Credit: security@ubuntu.com

Affected Software	Affected Version	How to fix
Ubuntu	=14.04
Ubuntu	=16.04
Ubuntu	=18.04
Ubuntu	=19.10
Ubuntu Python3-apport

Remedy

This ability to exploit this is likely mitigated by the Ubuntu default of fs.protected_symlinks=1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-8833?
CVE-2020-8833 is classified as a medium severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2020-8833?
To mitigate CVE-2020-8833, ensure that fs.protected_symlinks is enabled in the system configuration.
Which versions of Ubuntu are affected by CVE-2020-8833?
CVE-2020-8833 affects Ubuntu 14.04, 16.04, 18.04, and 19.10.
What type of vulnerability is CVE-2020-8833?
CVE-2020-8833 is a Time-of-check Time-of-use (TOCTOU) race condition vulnerability.
Can CVE-2020-8833 be exploited remotely?
CVE-2020-8833 requires local access to the system to exploit, making remote exploitation unlikely.

agent/type
collector/launchpad-cve
source/Launchpad
collector/security-tracker-debian
source/Debian
agent/remedy
agent/weakness
agent/title
agent/severity
collector/usn-cve
source/Ubuntu
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/canonical
canonical/ubuntu
version/ubuntu/14.04
version/ubuntu/16.04
version/ubuntu/18.04
version/ubuntu/19.10
vendor/apport project
canonical/ubuntu python3-apport

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.