PublicDateAtUSN: 2020-08-04 17:00:00 UTC
Candidate: CVE-2020-15702
CRD: 2020-08-04 17:00:00 UTC
PublicDate: 2020-08-06 23:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15702
 https://ubuntu.com/security/notices/USN-4449-1
 https://ubuntu.com/security/notices/USN-4449-2
Description:
 TOCTOU Race Condition vulnerability in apport allows a local attacker to
 escalate privileges and execute arbitrary code. An attacker may exit the
 crashed process and exploit PID recycling to spawn a root process with the
 same PID as the crashed process, which can then be used to escalate
 privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to
 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was
 ZDI-CAN-11234.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: Ryota Shiga
Assigned-to: mdeslaur
CVSS:
 zdi: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H [7.0 HIGH]
 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H [7.0 HIGH]

Patches_apport:
upstream_apport: needs-triage
precise/esm_apport: DNE
trusty_apport: ignored (out of standard support)
trusty/esm_apport: released (2.14.1-0ubuntu3.29+esm5)
xenial_apport: released (2.20.1-0ubuntu2.24)
esm-infra/xenial_apport: released (2.20.1-0ubuntu2.24)
bionic_apport: released (2.20.9-0ubuntu7.16)
eoan_apport: ignored (reached end-of-life)
focal_apport: released (2.20.11-0ubuntu27.6)
devel_apport: released (2.20.11-0ubuntu44)