CVE-2020-14367

Publication date 24 August 2020

Last updated 24 July 2024


Ubuntu priority

CVSS 3 Severity Score

6.0 · Medium

A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal.
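
The flaw described above, as an added C example that is not chrony's code or its actual patch: a PID-file writer that follows a symlink, beside a hardened one that only writes to a file it has just created. The function names, the /tmp scratch directory, the file name daemon.pid and the sample PID 4242 are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed pattern: fopen("w") follows a symlink at `path` and truncates its target. */
int write_pid_unsafe(const char *path, long pid) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fprintf(f, "%ld\n", pid);
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened: unlink() drops a stale entry (the link itself, never its target), then
 * O_CREAT|O_EXCL fails with EEXIST if anything, even a dangling symlink, is there. */
int write_pid_safe(const char *path, long pid) {
    char buf[32];
    int len = snprintf(buf, sizeof buf, "%ld\n", pid);
    if (unlink(path) < 0 && errno != ENOENT) return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0) return -1;
    int ok = write(fd, buf, (size_t)len) == (ssize_t)len;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Constructed scenario in a private temp dir: a 16-byte "victim" file plus a symlink
 * at the PID-file path pointing to it. Returns the victim's size after the write. */
long victim_size_after(int (*writer)(const char *, long)) {
    char dir[] = "/tmp/pidfile-demo-XXXXXX", victim[64], pidfile[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(pidfile, sizeof pidfile, "%s/daemon.pid", dir);
    FILE *f = fopen(victim, "w");
    if (!f || fputs("0123456789abcdef", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(victim, pidfile) != 0) return -1;
    writer(pidfile, 4242);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(pidfile); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("unsafe writer: victim is %ld bytes\n", victim_size_after(write_pid_unsafe));
    printf("safe writer:   victim is %ld bytes\n", victim_size_after(write_pid_safe));
    return 0;
}
```

With the unsafe writer the victim file is cut down to the 5 bytes of the PID string; with the hardened writer it keeps its 16 bytes and the PID lands in a new regular file.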

Status

Package  Ubuntu Release     Status
chrony   24.10 oracular     Fixed 3.5.1-1ubuntu1
chrony   24.04 LTS noble    Fixed 3.5.1-1ubuntu1
chrony   23.10 mantic       Fixed 3.5.1-1ubuntu1
chrony   23.04 lunar        Fixed 3.5.1-1ubuntu1
chrony   22.10 kinetic      Fixed 3.5.1-1ubuntu1
chrony   22.04 LTS jammy    Fixed 3.5.1-1ubuntu1
chrony   21.10 impish       Fixed 3.5.1-1ubuntu1
chrony   21.04 hirsute      Fixed 3.5.1-1ubuntu1
chrony   20.10 groovy       Fixed 3.5.1-1ubuntu1
chrony   20.04 LTS focal    Fixed 3.5-6ubuntu6.2
chrony   18.04 LTS bionic   Fixed 3.2-4ubuntu4.5
chrony   16.04 LTS xenial   Vulnerable
chrony   14.04 LTS trusty   Ignored (end of ESM support, was needed)

Patch details

For informational purposes only. We recommend against cherry-picking updates.

Package Patch details
chrony

Severity score breakdown

Parameter Value
Base score 6.0 · Medium
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
