Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-15704

Опубликовано: 01 сент. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 2.1
CVSS3: 5.5

Описание

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.

РелизСтатусПримечание
bionic

released

2.4.7-2+2ubuntu1.3
devel

released

2.4.7-2+4.1ubuntu6
esm-infra-legacy/trusty

released

2.4.5-5.1ubuntu2.3+esm2
esm-infra/bionic

released

2.4.7-2+2ubuntu1.3
esm-infra/focal

released

2.4.7-2+4.1ubuntu5.1
esm-infra/xenial

released

2.4.7-1+2ubuntu1.16.04.3
focal

released

2.4.7-2+4.1ubuntu5.1
precise/esm

not-affected

2.4.5-5ubuntu1.4
trusty

ignored

end of standard support
trusty/esm

released

2.4.5-5.1ubuntu2.3+esm2

Показывать по

Ссылки на источники

EPSS

Процентиль: 16%
0.00052
Низкий

2.1 Low

CVSS2

5.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-15704

redhat
больше 5 лет назад

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.

nvd логотип

CVE-2020-15704

CVSS3: 5.5
nvd
больше 5 лет назад

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.

debian логотип

CVE-2020-15704

CVSS3: 5.5
debian
больше 5 лет назад

The modprobe child process in the ./debian/patches/load_ppp_generic_if ...

github логотип

GHSA-2q4h-xfv6-4848

github
больше 3 лет назад

The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.

fstec логотип

BDU:2020-03817

CVSS3: 5.9
fstec
больше 5 лет назад

Уязвимость реализации сетевого протокола PPP, связанная с ошибками в коде, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 16%
0.00052
Низкий

2.1 Low

CVSS2

5.5 Medium

CVSS3