Lucene search

K
archlinuxArchLinuxASA-202012-5
HistoryDec 05, 2020 - 12:00 a.m.

[ASA-202012-5] ant: arbitrary code execution

2020-12-0500:00:00
security.archlinux.org
132
apache ant
code execution
security vulnerability

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

58.7%

Arch Linux Security Advisory ASA-202012-5

Severity: Medium
Date : 2020-12-05
CVE-ID : CVE-2020-11979
Package : ant
Type : arbitrary code execution
Remote : No
Link : https://security.archlinux.org/AVG-1312

Summary

The package ant before version 1.10.9-1 is vulnerable to arbitrary code
execution.

Resolution

Upgrade to 1.10.9-1.

pacman -Syu “ant>=1.10.9-1”

The problem has been fixed upstream in version 1.10.9.

Workaround

The issue can be mitigated by making Ant use a directory that is only
readable and writable by the current user.

Description

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the
permissions of temporary files it created so that only the current user
was allowed to access them. Unfortunately the fixcrlf task deleted the
temporary file and created a new one without said protection,
effectively nullifying the effort. This would still allow an attacker
to inject modified source files into the build process.

Impact

A local attacker might be able to execute arbitrary code by injecting
modified source files into the build process at the exact right moment.

References

https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40<dev.ant.apache.org>
https://security.archlinux.org/CVE-2020-11979

OSVersionArchitecturePackageVersionFilename
ArchLinuxanyanyant< 1.10.9-1UNKNOWN

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

58.7%