CVE-2020-8831

Name of the Vulnerable Software and Affected Versions Apport versions prior to 2.20.1-0ubuntu2.23 Apport versions prior to 2.20.9-0ubuntu7.14 Apport versions prior to 2.20.11-0ubuntu8.8 Apport versions prior to 2.20.11-0ubuntu22

Description The issue is related to Apport creating a world-writable lock file with root ownership in the /var/lock/apport directory. If the apport directory does not exist, it will be created. This allows for a symlink attack if an attacker creates a symlink at /var/lock/apport, changing Apport's lock file location. The file could then be used to escalate privileges.

Recommendations For versions prior to 2.20.1-0ubuntu2.23, update to version 2.20.1-0ubuntu2.23 or later. For versions prior to 2.20.9-0ubuntu7.14, update to version 2.20.9-0ubuntu7.14 or later. For versions prior to 2.20.11-0ubuntu8.8, update to version 2.20.11-0ubuntu8.8 or later. For versions prior to 2.20.11-0ubuntu22, update to version 2.20.11-0ubuntu22 or later. As a temporary workaround, consider restricting access to the /var/lock/apport directory to minimize the risk of exploitation.