vulnerability

Ubuntu: USN-4537-1 (CVE-2020-15703): Aptdaemon vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:P/I:N/A:N)	Sep 24, 2020	Sep 25, 2020	Mar 22, 2023

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Sep 24, 2020

Added

Sep 25, 2020

Modified

Mar 22, 2023

Description

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.

Solution

ubuntu-upgrade-aptdaemon

References

CVE-2020-15703
https://attackerkb.com/topics/CVE-2020-15703
NVD-CVE-2020-15703
UBUNTU-USN-4537-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today