4.7 - CVE-2020-8833

Executive Summary

Informations
Name	CVE-2020-8833	First vendor Publication	2020-04-22
Vendor	Cve	Last vendor Modification	2022-10-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Overall CVSS Score	4.7
Base Score	4.7	Environmental Score	4.7
impact SubScore	3.6	Temporal Score	4.7
Exploitabality Sub Score	1

Attack Vector	Local	Attack Complexity	High
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	None	Availability Impact	None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score	1.9	Attack Range	Local
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8833

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-367	Time-of-check Time-of-use (TOCTOU) Race Condition

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apport Project Apport cpe:2.3:a:apport_project:apport:-:::::::*	1
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::	4

Sources (Detail)

Source	Url
CONFIRM	https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933 https://usn.ubuntu.com/4315-1/
UBUNTU	https://usn.ubuntu.com/4315-2/

Alert History

If you want to see full details history, please login or register.

Date	Informations
2022-10-07 21:27:51	Multiple Updates
2021-05-04 14:05:45	Multiple Updates
2021-04-22 03:10:50	Multiple Updates
2020-06-25 05:22:54	Multiple Updates
2020-05-23 02:40:57	First insertion

Type	Count
CWE ID(s)	1
CPE ID(s)	5
Sources(s)	3

4.7 - CVE-2020-8833

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU