PT-2020-3492 · Canonical+1 · Ppp+2
Thomas Chauchefoin
·
Published
2020-08-04
·
Updated
2021-11-18
·
CVE-2020-15704
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ppp versions prior to 2.4.5-5ubuntu1.4
ppp versions prior to 2.4.5-5.1ubuntu2.3+esm2
ppp versions prior to 2.4.7-1+2ubuntu1.16.04.3
ppp versions prior to 2.4.7-2+2ubuntu1.3
ppp versions prior to 2.4.7-2+4.1ubuntu5.1
ppp versions prior to 2.4.7-2+4.1ubuntu6
Description
The issue is related to the incorrect handling of module loading in the modprobe child process, allowing a local non-root attacker to exploit the MODPROBE OPTIONS environment variable and read arbitrary root files. This is a privilege escalation vulnerability.
Recommendations
For versions prior to 2.4.5-5ubuntu1.4, update to version 2.4.5-5ubuntu1.4 or later.
For versions prior to 2.4.5-5.1ubuntu2.3+esm2, update to version 2.4.5-5.1ubuntu2.3+esm2 or later.
For versions prior to 2.4.7-1+2ubuntu1.16.04.3, update to version 2.4.7-1+2ubuntu1.16.04.3 or later.
For versions prior to 2.4.7-2+2ubuntu1.3, update to version 2.4.7-2+2ubuntu1.3 or later.
For versions prior to 2.4.7-2+4.1ubuntu5.1, update to version 2.4.7-2+4.1ubuntu5.1 or later.
For versions prior to 2.4.7-2+4.1ubuntu6, update to version 2.4.7-2+4.1ubuntu6 or later.
Fix
Files Accessible to External Parties
Information Disclosure
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linuxmint
Ubuntu
Ppp