Ubuntu: USN-4518-1 (CVE-2020-13696): xawtv vulnerability
Description
An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.
Solution(s)
- ubuntu-upgrade-alevtd
- ubuntu-upgrade-fbtv
- ubuntu-upgrade-pia
- ubuntu-upgrade-radio
- ubuntu-upgrade-scantv
- ubuntu-upgrade-streamer
- ubuntu-upgrade-ttv
- ubuntu-upgrade-v4l-conf
- ubuntu-upgrade-webcam
- ubuntu-upgrade-xawtv
- ubuntu-upgrade-xawtv-plugin-qt
- ubuntu-upgrade-xawtv-plugins
- ubuntu-upgrade-xawtv-tools
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center