3 matches found
UNIX Symbolic Link (Symlink) Following
Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the use of a predictable temporary file path in the screenshot handling process. An attacker can cause truncation and ownership changes of arbitrary files by pre-placing symlinks in the /tmp...
UNIX Symbolic Link (Symlink) Following
Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the use of a predictable temporary file path in the screenshot handling process. An attacker can cause truncation and ownership changes of arbitrary files by pre-placing symlinks in the /tmp...
CVE-2020-8833
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protectedsymlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash...