CVE-2020-8833

Priority
Description
A time-of-check to time-of-use (TOCTOU) race condition in the crash report
ownership change in Apport allows for a possible privilege escalation.
If fs.protected_symlinks is disabled, the race can be exploited between the
os.open and os.chown calls when the Apport cron script clears out crash
files of size 0. A symlink with the same name as the deleted file can then
be created, and chown will be called on it, changing the file owner to root.
Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14,
2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
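
The race above exists because ownership is changed by path after the file was opened, so the name can resolve to something else by then. The following Python is an added example, not Apport's code or its fix: in a private temporary directory it shows which inode a path-based and a descriptor-based ownership change would each act on once the name has been replaced, next to a checked descriptor-based variant. The function names and file names are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def chown_fd_checked(path, uid, gid):
    """Hardened form: open once without following symlinks, then act on the fd."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError("not a regular file: %s" % path)
        os.fchown(fd, uid, gid)  # applies to the inode that was opened
        return st.st_ino
    finally:
        os.close(fd)


def demo():
    """Constructed scenario in a private temp dir; file names are hypothetical."""
    with tempfile.TemporaryDirectory() as d:
        report = os.path.join(d, "report.crash")
        other = os.path.join(d, "other-file")
        for p in (report, other):
            with open(p, "w"):
                pass
        fd = os.open(report, os.O_RDONLY)  # the file is opened (the "check")
        try:
            # The name is replaced between the open and the ownership change.
            os.unlink(report)
            os.symlink(other, report)
            path_target = os.stat(report).st_ino  # inode os.chown(path) would change
            fd_target = os.fstat(fd).st_ino       # inode os.fchown(fd) would change
        finally:
            os.close(fd)
        other_ino = os.stat(other).st_ino
        try:
            chown_fd_checked(report, os.geteuid(), os.getegid())
            refused = False
        except OSError:
            refused = True  # O_NOFOLLOW makes the open fail on a symlink
        return path_target == other_ino, fd_target != other_ino, refused


if __name__ == "__main__":
    print(demo())
```
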
Mitigation
The ability to exploit this is likely mitigated by the Ubuntu default of
fs.protected_symlinks=1
Assigned-to
amurray
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): released (2.20.1-0ubuntu2.23)
Ubuntu 18.04 LTS (Bionic Beaver): released (2.20.9-0ubuntu7.14)
Ubuntu 19.10 (Eoan Ermine): released (2.20.11-0ubuntu8.8)
Ubuntu 20.04 LTS (Focal Fossa): released (2.20.11-0ubuntu22)
Ubuntu 20.10 (Groovy Gorilla): released (2.20.11-0ubuntu22)
More Information

Updated: 2020-05-07 13:15:19 UTC (commit 9c52fbc2943459298ae6679cb4a2c01c5d1eed4d)