Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-15702
HistoryAug 06, 2020 - 11:15 p.m.

CVE-2020-15702

2020-08-0623:15:11
CWE-367
[email protected]
web.nvd.nist.gov
7
apport
privilege escalation
code execution
vulnerability
local attacker
pid recycling

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

28.9%

JSON

TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.

Affected configurations

Nvd
Node
canonicalapportMatch2.20.11-0ubuntu8
OR
canonicalapportMatch2.20.11-0ubuntu9
OR
canonicalapportMatch2.20.11-0ubuntu10
OR
canonicalapportMatch2.20.11-0ubuntu11
OR
canonicalapportMatch2.20.11-0ubuntu12
OR
canonicalapportMatch2.20.11-0ubuntu13
OR
canonicalapportMatch2.20.11-0ubuntu14
OR
canonicalapportMatch2.20.11-0ubuntu15
OR
canonicalapportMatch2.20.11-0ubuntu16
OR
canonicalapportMatch2.20.11-0ubuntu17
OR
canonicalapportMatch2.20.11-0ubuntu18
OR
canonicalapportMatch2.20.11-0ubuntu19
OR
canonicalapportMatch2.20.11-0ubuntu20
OR
canonicalapportMatch2.20.11-0ubuntu21
OR
canonicalapportMatch2.20.11-0ubuntu22
OR
canonicalapportMatch2.20.11-0ubuntu23
OR
canonicalapportMatch2.20.11-0ubuntu24
OR
canonicalapportMatch2.20.11-0ubuntu25
OR
canonicalapportMatch2.20.11-0ubuntu26
OR
canonicalapportMatch2.20.11-0ubuntu27
OR
canonicalapportMatch2.20.11-0ubuntu27.2
OR
canonicalapportMatch2.20.11-0ubuntu27.3
OR
canonicalapportMatch2.20.11-0ubuntu27.4
OR
canonicalapportMatch2.20.11-0ubuntu27.5
AND
canonicalubuntu_linuxMatch20.04lts
Node
canonicalapportMatch2.20.7-0ubuntu3
OR
canonicalapportMatch2.20.7-0ubuntu3.1
OR
canonicalapportMatch2.20.7-0ubuntu4
OR
canonicalapportMatch2.20.8-0ubuntu1
OR
canonicalapportMatch2.20.8-0ubuntu2
OR
canonicalapportMatch2.20.8-0ubuntu3
OR
canonicalapportMatch2.20.8-0ubuntu4
OR
canonicalapportMatch2.20.8-0ubuntu5
OR
canonicalapportMatch2.20.8-0ubuntu6
OR
canonicalapportMatch2.20.8-0ubuntu7
OR
canonicalapportMatch2.20.8-0ubuntu8
OR
canonicalapportMatch2.20.8-0ubuntu9
OR
canonicalapportMatch2.20.8-0ubuntu10
OR
canonicalapportMatch2.20.9-0ubuntu1
OR
canonicalapportMatch2.20.9-0ubuntu2
OR
canonicalapportMatch2.20.9-0ubuntu3
OR
canonicalapportMatch2.20.9-0ubuntu4
OR
canonicalapportMatch2.20.9-0ubuntu5
OR
canonicalapportMatch2.20.9-0ubuntu6
OR
canonicalapportMatch2.20.9-0ubuntu7
OR
canonicalapportMatch2.20.9-0ubuntu7.1
OR
canonicalapportMatch2.20.9-0ubuntu7.2
OR
canonicalapportMatch2.20.9-0ubuntu7.3
OR
canonicalapportMatch2.20.9-0ubuntu7.4
OR
canonicalapportMatch2.20.9-0ubuntu7.5
OR
canonicalapportMatch2.20.9-0ubuntu7.6
OR
canonicalapportMatch2.20.9-0ubuntu7.7
OR
canonicalapportMatch2.20.9-0ubuntu7.8
OR
canonicalapportMatch2.20.9-0ubuntu7.9
OR
canonicalapportMatch2.20.9-0ubuntu7.10
OR
canonicalapportMatch2.20.9-0ubuntu7.11
OR
canonicalapportMatch2.20.9-0ubuntu7.12
OR
canonicalapportMatch2.20.9-0ubuntu7.13
OR
canonicalapportMatch2.20.9-0ubuntu7.14
OR
canonicalapportMatch2.20.9-0ubuntu7.15
AND
canonicalubuntu_linuxMatch18.04lts
Node
canonicalapportMatch2.19.1-0ubuntu3
OR
canonicalapportMatch2.19.2-0ubuntu1
OR
canonicalapportMatch2.19.2-0ubuntu2
OR
canonicalapportMatch2.19.2-0ubuntu3
OR
canonicalapportMatch2.19.2-0ubuntu4
OR
canonicalapportMatch2.19.2-0ubuntu5
OR
canonicalapportMatch2.19.2-0ubuntu6
OR
canonicalapportMatch2.19.2-0ubuntu7
OR
canonicalapportMatch2.19.2-0ubuntu8
OR
canonicalapportMatch2.19.2-0ubuntu9
OR
canonicalapportMatch2.19.3-0ubuntu1
OR
canonicalapportMatch2.19.3-0ubuntu2
OR
canonicalapportMatch2.19.3-0ubuntu3
OR
canonicalapportMatch2.19.4-0ubuntu1
OR
canonicalapportMatch2.19.4-0ubuntu2
OR
canonicalapportMatch2.20-0ubuntu1
OR
canonicalapportMatch2.20-0ubuntu2
OR
canonicalapportMatch2.20-0ubuntu3
OR
canonicalapportMatch2.20.1-0ubuntu1
OR
canonicalapportMatch2.20.1-0ubuntu2
OR
canonicalapportMatch2.20.1-0ubuntu2.1
OR
canonicalapportMatch2.20.1-0ubuntu2.2
OR
canonicalapportMatch2.20.1-0ubuntu2.4
OR
canonicalapportMatch2.20.1-0ubuntu2.5
OR
canonicalapportMatch2.20.1-0ubuntu2.6
OR
canonicalapportMatch2.20.1-0ubuntu2.7
OR
canonicalapportMatch2.20.1-0ubuntu2.8
OR
canonicalapportMatch2.20.1-0ubuntu2.9
OR
canonicalapportMatch2.20.1-0ubuntu2.10
OR
canonicalapportMatch2.20.1-0ubuntu2.12
OR
canonicalapportMatch2.20.1-0ubuntu2.13
OR
canonicalapportMatch2.20.1-0ubuntu2.14
OR
canonicalapportMatch2.20.1-0ubuntu2.15
OR
canonicalapportMatch2.20.1-0ubuntu2.16
OR
canonicalapportMatch2.20.1-0ubuntu2.17
OR
canonicalapportMatch2.20.1-0ubuntu2.18
OR
canonicalapportMatch2.20.1-0ubuntu2.19
OR
canonicalapportMatch2.20.1-0ubuntu2.20
OR
canonicalapportMatch2.20.1-0ubuntu2.21
OR
canonicalapportMatch2.20.1-0ubuntu2.22
OR
canonicalapportMatch2.20.1-0ubuntu2.23
AND
canonicalubuntu_linuxMatch16.04lts
Node
canonicalubuntu_linuxMatch14.04esm
VendorProductVersionCPE
canonicalapport2.20.11-0ubuntu8cpe:2.3:a:canonical:apport:2.20.11-0ubuntu8:*:*:*:*:*:*:*
canonicalapport2.20.11-0ubuntu9cpe:2.3:a:canonical:apport:2.20.11-0ubuntu9:*:*:*:*:*:*:*
canonicalapport2.20.11-0ubuntu10cpe:2.3:a:canonical:apport:2.20.11-0ubuntu10:*:*:*:*:*:*:*
canonicalapport2.20.11-0ubuntu11cpe:2.3:a:canonical:apport:2.20.11-0ubuntu11:*:*:*:*:*:*:*
canonicalapport2.20.11-0ubuntu12cpe:2.3:a:canonical:apport:2.20.11-0ubuntu12:*:*:*:*:*:*:*
canonicalapport2.20.11-0ubuntu13cpe:2.3:a:canonical:apport:2.20.11-0ubuntu13:*:*:*:*:*:*:*
canonicalapport2.20.11-0ubuntu14cpe:2.3:a:canonical:apport:2.20.11-0ubuntu14:*:*:*:*:*:*:*
canonicalapport2.20.11-0ubuntu15cpe:2.3:a:canonical:apport:2.20.11-0ubuntu15:*:*:*:*:*:*:*
canonicalapport2.20.11-0ubuntu16cpe:2.3:a:canonical:apport:2.20.11-0ubuntu16:*:*:*:*:*:*:*
canonicalapport2.20.11-0ubuntu17cpe:2.3:a:canonical:apport:2.20.11-0ubuntu17:*:*:*:*:*:*:*
Rows per page:
1-10 of 1041

Related

ubuntucve 1
cvelist 1
cve 1
zdi 1
prion 1
ubuntu 2
openvas 2
nessus 1
ubuntucve
ubuntucve
CVE-2020-15702
2020-08-04 00:00:00
cvelist
cvelist
CVE-2020-15702 TOCTOU in apport
2020-08-06 22:50:22
cve
cve
CVE-2020-15702
2020-08-06 23:15:11
zdi
zdi
Canonical Ubuntu apport Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
2020-08-11 00:00:00
prion
prion
Race condition
2020-08-06 23:15:00
ubuntu
ubuntu
Apport vulnerabilities
2020-08-04 00:00:00
Apport vulnerabilities
2020-09-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4449-2)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-4449-1)
2020-08-05 00:00:00
nessus
nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Apport vulnerabilities (USN-4449-1)
2020-08-06 00:00:00

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

28.9%

JSON
Related for NVD:CVE-2020-15702
ubuntucve1cvelist1cve1zdi1prion1ubuntu2openvas2nessus1