CVE-2020-15703

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.

Published: Oct 31, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-15703
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.3
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
aptdaemon_project / aptdaemon	1.1.1-bzr982-0ubuntu32.2	1.1.1-bzr982-0ubuntu32.2.x
aptdaemon_project / aptdaemon	1.1.1-bzr982-0ubuntu19.4	1.1.1-bzr982-0ubuntu19.4.x
aptdaemon_project / aptdaemon	1.1.1-bzr982-0ubuntu14.4	1.1.1-bzr982-0ubuntu14.4.x

https://ubuntu.com/security/notices/USN-4537-1
https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html

Vulnerability Database

CVE-2020-15703