
CVE-2020-15708

Published: 4 August 2020

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
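A defender can check for the condition described above by auditing socket permissions on disk. The following is an added example, not code from the Ubuntu tracker or the libvirt packaging; the default directory `/run/libvirt` is an assumption (the page does not name the socket path), and the sockets in `demo()` are constructed in a temporary directory.

```python
import os
import socket
import stat
import sys
import tempfile

# Permission bits that give every local user access to a socket.
WORLD_RW = stat.S_IROTH | stat.S_IWOTH


def world_accessible_sockets(root):
    """Return sorted (path, octal mode) pairs for UNIX sockets under
    `root` whose mode grants read or write to 'other'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:  # os.walk lists sockets among non-directories
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if stat.S_ISSOCK(st.st_mode) and st.st_mode & WORLD_RW:
                findings.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)


def demo():
    """Build two constructed sockets (one 0666, one 0660) and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, mode in {"open-sock": 0o666, "group-sock": 0o660}.items():
            path = os.path.join(tmp, name)
            s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            s.bind(path)          # creates the socket file on disk
            os.chmod(path, mode)  # set the mode under test
            s.close()             # the file stays until unlinked
        return [(os.path.basename(p), m)
                for p, m in world_accessible_sockets(tmp)]


if __name__ == "__main__":
    # Assumed default location; pass another directory as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/run/libvirt"
    for path, mode in world_accessible_sockets(root):
        print(f"{mode} {path}")
```

On Linux, connecting to a UNIX socket requires write permission on the socket file, so any path this prints is reachable by every local user.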

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: libvirt (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Not vulnerable (code not present)
focal      Released (6.0.0-0ubuntu8.3)
precise    Not vulnerable (code not present)
trusty     Not vulnerable (code not present)
upstream   Needs triage
xenial     Not vulnerable (code not present)

Notes

Author: mdeslaur
Note: This is ZDI-CAN-11561. Caused by the switch to systemd socket activation, so bionic and earlier are not affected.
