CVE-2020-15702

A TOCTOU race condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7 HIGH | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| canonical | CNA | 7 HIGH | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| CVE | ADP | --- | | | | --- |
EPSS Score percentile: 26%
| Vendor | Product | Version |
|---|---|---|
| canonical | apport | 2.20.11-0ubuntu8 |
| canonical | apport | 2.20.11-0ubuntu9 |
| canonical | apport | 2.20.11-0ubuntu10 |
| canonical | apport | 2.20.11-0ubuntu11 |
| canonical | apport | 2.20.11-0ubuntu12 |
| canonical | apport | 2.20.11-0ubuntu13 |
| canonical | apport | 2.20.11-0ubuntu14 |
| canonical | apport | 2.20.11-0ubuntu15 |
| canonical | apport | 2.20.11-0ubuntu16 |
| canonical | apport | 2.20.11-0ubuntu17 |
| canonical | apport | 2.20.11-0ubuntu18 |
| canonical | apport | 2.20.11-0ubuntu19 |
| canonical | apport | 2.20.11-0ubuntu20 |
| canonical | apport | 2.20.11-0ubuntu21 |
| canonical | apport | 2.20.11-0ubuntu22 |
| canonical | apport | 2.20.11-0ubuntu23 |
| canonical | apport | 2.20.11-0ubuntu24 |
| canonical | apport | 2.20.11-0ubuntu25 |
| canonical | apport | 2.20.11-0ubuntu26 |
| canonical | apport | 2.20.11-0ubuntu27 |
| canonical | apport | 2.20.11-0ubuntu27.2 |
| canonical | apport | 2.20.11-0ubuntu27.3 |
| canonical | apport | 2.20.11-0ubuntu27.4 |
| canonical | apport | 2.20.11-0ubuntu27.5 |
| canonical | apport | 2.20.7-0ubuntu3 |
| canonical | apport | 2.20.7-0ubuntu3.1 |
| canonical | apport | 2.20.7-0ubuntu4 |
| canonical | apport | 2.20.8-0ubuntu1 |
| canonical | apport | 2.20.8-0ubuntu2 |
| canonical | apport | 2.20.8-0ubuntu3 |
| canonical | apport | 2.20.8-0ubuntu4 |
| canonical | apport | 2.20.8-0ubuntu5 |
| canonical | apport | 2.20.8-0ubuntu6 |
| canonical | apport | 2.20.8-0ubuntu7 |
| canonical | apport | 2.20.8-0ubuntu8 |
| canonical | apport | 2.20.8-0ubuntu9 |
| canonical | apport | 2.20.8-0ubuntu10 |
| canonical | apport | 2.20.9-0ubuntu1 |
| canonical | apport | 2.20.9-0ubuntu2 |
| canonical | apport | 2.20.9-0ubuntu3 |
| canonical | apport | 2.20.9-0ubuntu4 |
| canonical | apport | 2.20.9-0ubuntu5 |
| canonical | apport | 2.20.9-0ubuntu6 |
| canonical | apport | 2.20.9-0ubuntu7 |
| canonical | apport | 2.20.9-0ubuntu7.1 |
| canonical | apport | 2.20.9-0ubuntu7.2 |
| canonical | apport | 2.20.9-0ubuntu7.3 |
| canonical | apport | 2.20.9-0ubuntu7.4 |
| canonical | apport | 2.20.9-0ubuntu7.5 |
| canonical | apport | 2.20.9-0ubuntu7.6 |
| canonical | apport | 2.20.9-0ubuntu7.7 |
| canonical | apport | 2.20.9-0ubuntu7.8 |
| canonical | apport | 2.20.9-0ubuntu7.9 |
| canonical | apport | 2.20.9-0ubuntu7.10 |
| canonical | apport | 2.20.9-0ubuntu7.11 |
| canonical | apport | 2.20.9-0ubuntu7.12 |
| canonical | apport | 2.20.9-0ubuntu7.13 |
| canonical | apport | 2.20.9-0ubuntu7.14 |
| canonical | apport | 2.20.9-0ubuntu7.15 |
| canonical | apport | 2.19.1-0ubuntu3 |
| canonical | apport | 2.19.2-0ubuntu1 |
| canonical | apport | 2.19.2-0ubuntu2 |
| canonical | apport | 2.19.2-0ubuntu3 |
| canonical | apport | 2.19.2-0ubuntu4 |
| canonical | apport | 2.19.2-0ubuntu5 |
| canonical | apport | 2.19.2-0ubuntu6 |
| canonical | apport | 2.19.2-0ubuntu7 |
| canonical | apport | 2.19.2-0ubuntu8 |
| canonical | apport | 2.19.2-0ubuntu9 |
| canonical | apport | 2.19.3-0ubuntu1 |
| canonical | apport | 2.19.3-0ubuntu2 |
| canonical | apport | 2.19.3-0ubuntu3 |
| canonical | apport | 2.19.4-0ubuntu1 |
| canonical | apport | 2.19.4-0ubuntu2 |
| canonical | apport | 2.20-0ubuntu1 |
| canonical | apport | 2.20-0ubuntu2 |
| canonical | apport | 2.20-0ubuntu3 |
| canonical | apport | 2.20.1-0ubuntu1 |
| canonical | apport | 2.20.1-0ubuntu2 |
| canonical | apport | 2.20.1-0ubuntu2.1 |
| canonical | apport | 2.20.1-0ubuntu2.2 |
| canonical | apport | 2.20.1-0ubuntu2.4 |
| canonical | apport | 2.20.1-0ubuntu2.5 |
| canonical | apport | 2.20.1-0ubuntu2.6 |
| canonical | apport | 2.20.1-0ubuntu2.7 |
| canonical | apport | 2.20.1-0ubuntu2.8 |
| canonical | apport | 2.20.1-0ubuntu2.9 |
| canonical | apport | 2.20.1-0ubuntu2.10 |
| canonical | apport | 2.20.1-0ubuntu2.12 |
| canonical | apport | 2.20.1-0ubuntu2.13 |
| canonical | apport | 2.20.1-0ubuntu2.14 |
| canonical | apport | 2.20.1-0ubuntu2.15 |
| canonical | apport | 2.20.1-0ubuntu2.16 |
| canonical | apport | 2.20.1-0ubuntu2.17 |
| canonical | apport | 2.20.1-0ubuntu2.18 |
| canonical | apport | 2.20.1-0ubuntu2.19 |
| canonical | apport | 2.20.1-0ubuntu2.20 |
| canonical | apport | 2.20.1-0ubuntu2.21 |
| canonical | apport | 2.20.1-0ubuntu2.22 |
| canonical | apport | 2.20.1-0ubuntu2.23 |
| canonical | ubuntu_linux | 14.04 |
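Ubuntu Releases

| Ubuntu Product | Codename | Fix | Status |
|---|---|---|---|
| apport | focal | Fixed 2.20.11-0ubuntu27.6 | released |
| apport | eoan | | ignored |
| apport | bionic | Fixed 2.20.9-0ubuntu7.16 | released |
| apport | xenial | Fixed 2.20.1-0ubuntu2.24 | released |
| apport | trusty | Fixed 2.14.1-0ubuntu3.29+esm5 | released |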