CVE-2020-8833

Published: 02 April 2020

Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.

Priority

Medium

CVSS 3 base score: 4.7

Status

Package Release Status
apport
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla)
Released (2.20.11-0ubuntu22)
Ubuntu 20.04 LTS (Focal Fossa)
Released (2.20.11-0ubuntu22)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.20.9-0ubuntu7.14)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (2.20.1-0ubuntu2.23)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.14.1-0ubuntu3.29+esm4)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist