Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-15703

There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root.

Related bugs and status

CVE-2020-15703 (Candidate) is related to these bugs:

Bug #1888235: Improper Input Validation vulnerability in Locale property of a transaction leading to Information Disclosure

Summary				In	Importance	Status
	1888235	Improper Input Validation vulnerability in Locale property of a transaction leading to Information Disclosure		aptdaemon (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://ubuntu.com/sec...
MISC: https://www.eyecontrol...