7 matches found
Ubuntu: Security Advisory (USN-4315-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-8833
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protectedsymlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash...
CVE-2020-8833
The CVE-2020-8833 issue affects Ubuntu’s Apport crash-report handling. A Time-of-check Time-of-use race between os.open and os.chown can allow a local attacker to change crash-file ownership to root when fs.protected_symlinks is disabled, via a symlink with the same name as a deleted file. The fi...
CVE-2020-8833 Apport race condition in crash report permissions
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protectedsymlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash...
USN-4315-1: Apport vulnerabilities
Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escalate their privileges via a symlink attack. CVE-2020-8831 Maximilien Bourgeteau discovered a race condition in Apport when setting crash report permissions...
CVE-2020-8833
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protectedsymlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash...
Ubuntu 16.04 LTS / 18.04 LTS : Apport vulnerabilities (USN-4315-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4315-1 advisory. Maximilien Bourgeteau discovered that the Apport lock file was created with insecure permissions. This could allow a local attacker to escala...