CVE-2020-15704 : The modprobe child process in the ./debian/patches/load_ppp_generic_if

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.

Published 2020-09-01 00:15:10

Updated 2021-11-18 17:44:58

Source Canonical Ltd.

View at NVD, CVE.org

Vulnerability category: Input validationInformation leak

Products affected by CVE-2020-15704

Canonical » PPP
Versions before (<) 2.4.5-5.1ubuntu2.3\+esm2
cpe:2.3:a:canonical:ppp:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canonical » Ubuntu Linux » Version: 14.04 ESM Edition
Canonical » PPP
Versions before (<) 2.4.7-2\+4.1ubuntu5.1
cpe:2.3:a:canonical:ppp:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canonical » Ubuntu Linux » Version: 20.04 LTS Edition
Canonical » PPP
Versions before (<) 2.4.7-2\+2ubuntu1.3
cpe:2.3:a:canonical:ppp:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
Canonical » PPP
Versions before (<) 2.4.5-5ubuntu1.4
cpe:2.3:a:canonical:ppp:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canonical » Ubuntu Linux » Version: 12.04 ESM Edition
Canonical » PPP
Versions before (<) 2.4.7-1\+ubuntu1.16.04.3
cpe:2.3:a:canonical:ppp:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canonical » Ubuntu Linux » Version: 16.04 LTS Edition

Exploit prediction scoring system (EPSS) score for CVE-2020-15704

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 11 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-15704

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	Canonical Ltd.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2020-15704

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: security@ubuntu.com (Secondary)

References for CVE-2020-15704

https://ubuntu.com/security/notices/USN-4451-1

USN-4451-1: ppp vulnerability | Ubuntu security notices | Ubuntu
Vendor Advisory
https://ubuntu.com/security/notices/USN-4451-2

USN-4451-2: ppp vulnerability | Ubuntu security notices | Ubuntu
Vendor Advisory

Jump to

Vulnerability Details : CVE-2020-15704

Products affected by CVE-2020-15704

Exploit prediction scoring system (EPSS) score for CVE-2020-15704

CVSS scores for CVE-2020-15704

CWE ids for CVE-2020-15704

References for CVE-2020-15704