CVE-2020-15702

Canonical Ubuntu apport Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability (apport における Time-of-check Time-of-use (TOCTOU) 競合状態の脆弱性)

This vulnerability allows local attackers to escalate privileges on affected installations of Canonical Ubuntu. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the apport package. The issue results from the lack of proper locking when performing operations on a file. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of root. https://www.zerodayinitiative.com/advisories/ZDI-20-979/

Disclosure Date

2020/08/10

Credit

Ryota Shiga (@Ga_ryo_)

Reference

https://www.zerodayinitiative.com/advisories/ZDI-20-979/
https://ubuntu.com/security/notices/USN-4449-1
https://ubuntu.com/security/CVE-2020-15702

Back

Canonical Ubuntu apport Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability (apport における Time-of-check Time-of-use (TOCTOU) 競合状態の脆弱性)

Disclosure Date

Credit

Reference

会社情報

サービス紹介

お問い合わせ