CVE-2020-15708 - OpenCVE

Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux

Configuration 1 [-]

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

References

Link	Resource
https://usn.ubuntu.com/usn/usn-4452-1	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2020-08-04T00:00:00

Updated: 2020-11-06T01:40:13

Reserved: 2020-07-14T00:00:00

Link: CVE-2020-15708

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-11-06T02:15:12.050

Modified: 2024-02-08T17:33:49.730

Link: CVE-2020-15708

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"containers": {"cna": {"affected": [{"product": "libvirt", "vendor": "Ubuntu", "versions": [{"lessThan": "6.0.0-0ubuntu8.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Trent Shea"}], "datePublic": "2020-08-04T00:00:00", "descriptions": [{"lang": "en", "value": "Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-06T01:40:13", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://usn.ubuntu.com/usn/usn-4452-1"}], "source": {"advisory": "https://usn.ubuntu.com/usn/usn-4452-1", "discovery": "EXTERNAL"}, "title": "Libvirt Service Arbitrary File Write Privilege Escalation Vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2020-08-04T00:00:00.000Z", "ID": "CVE-2020-15708", "STATE": "PUBLIC", "TITLE": "Libvirt Service Arbitrary File Write Privilege Escalation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "libvirt", "version": {"version_data": [{"version_affected": "<", "version_value": "6.0.0-0ubuntu8.3"}]}}]}, "vendor_name": "Ubuntu"}]}}, "credit": [{"lang": "eng", "value": "Trent Shea"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}]}, "references": {"reference_data": [{"name": "https://usn.ubuntu.com/usn/usn-4452-1", "refsource": "MISC", "url": "https://usn.ubuntu.com/usn/usn-4452-1"}]}, "source": {"advisory": "https://usn.ubuntu.com/usn/usn-4452-1", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2020-15708", "datePublished": "2020-08-04T00:00:00", "dateReserved": "2020-07-14T00:00:00", "dateUpdated": "2020-11-06T01:40:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code."}, {"lang": "es", "value": "El paquete de Ubuntu de libvirt en versi\u00f3n 20.04 LTS cre\u00f3 un socket de control con permisos de lectura y escritura mundial. Un atacante podr\u00eda utilizar esto para sobrescribir archivos arbitrarios o ejecutar c\u00f3digo arbitrario"}], "id": "CVE-2020-15708", "lastModified": "2024-02-08T17:33:49.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 6.0, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2020-11-06T02:15:12.050", "references": [{"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "https://usn.ubuntu.com/usn/usn-4452-1"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "security@ubuntu.com", "type": "Secondary"}]}