CVE-2020-15703

2020-09-2400:00:00

ubuntu.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0005 Low

EPSS

Percentile

16.0%

JSON

There is no input validation on the Locale property in an apt transaction.
An unprivileged user can supply a full path to a writable directory, which
lets aptd read a file as root. Having a symlink in place results in an
error message if the file exists, and no error otherwise. This way an
unprivileged user can check for the existence of any files on the system as
root.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1888235>

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchaptdaemon< 1.1.1+bzr982-0ubuntu19.4UNKNOWN
ubuntu20.04noarchaptdaemon< 1.1.1+bzr982-0ubuntu32.2UNKNOWN
ubuntu16.04noarchaptdaemon< 1.1.1+bzr982-0ubuntu14.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	aptdaemon	< 1.1.1+bzr982-0ubuntu19.4	UNKNOWN
ubuntu	20.04	noarch	aptdaemon	< 1.1.1+bzr982-0ubuntu32.2	UNKNOWN
ubuntu	16.04	noarch	aptdaemon	< 1.1.1+bzr982-0ubuntu14.4	UNKNOWN