Vulnerability Details CVE-2020-15704
The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 2.1
References
Products affected by CVE-2020-15704
-
cpe:2.3:a:canonical:ppp:2.4.2+20040428-2ubuntu6
-
cpe:2.3:a:canonical:ppp:2.4.2+20040428-2ubuntu6.2
-
cpe:2.3:a:canonical:ppp:2.4.2+20040428-6ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.3-20050321+2ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.3-20050321+2ubuntu1.1
-
cpe:2.3:a:canonical:ppp:2.4.4b1-1ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.4b1-1ubuntu2
-
cpe:2.3:a:canonical:ppp:2.4.4b1-1ubuntu3
-
cpe:2.3:a:canonical:ppp:2.4.4b1-1ubuntu3.1
-
cpe:2.3:a:canonical:ppp:2.4.4b1-1ubuntu4
-
cpe:2.3:a:canonical:ppp:2.4.4rel-10ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.4rel-10ubuntu2
-
cpe:2.3:a:canonical:ppp:2.4.4rel-10ubuntu2.8.10.1
-
cpe:2.3:a:canonical:ppp:2.4.4rel-10ubuntu3
-
cpe:2.3:a:canonical:ppp:2.4.4rel-1ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.4rel-4.1ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.4rel-4.1ubuntu2
-
cpe:2.3:a:canonical:ppp:2.4.4rel-4ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.4rel-9ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.4rel-9ubuntu2
-
cpe:2.3:a:canonical:ppp:2.4.5-4ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.5-5.1ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.5-5.1ubuntu2
-
cpe:2.3:a:canonical:ppp:2.4.5-5.1ubuntu2.1
-
cpe:2.3:a:canonical:ppp:2.4.5-5.1ubuntu2.2
-
cpe:2.3:a:canonical:ppp:2.4.5-5.1ubuntu2.3
-
cpe:2.3:a:canonical:ppp:2.4.5-5.1ubuntu2.3+esm2
-
cpe:2.3:a:canonical:ppp:2.4.5-5.1ubuntu3
-
cpe:2.3:a:canonical:ppp:2.4.5-5.1ubuntu3.1
-
cpe:2.3:a:canonical:ppp:2.4.5-5.1ubuntu3.2
-
cpe:2.3:a:canonical:ppp:2.4.5-5.1ubuntu4
-
cpe:2.3:a:canonical:ppp:2.4.5-5ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.5-5ubuntu1.1
-
cpe:2.3:a:canonical:ppp:2.4.5-5ubuntu1.2
-
cpe:2.3:a:canonical:ppp:2.4.5-5ubuntu1.4
-
cpe:2.3:a:canonical:ppp:2.4.5-5ubuntu2
-
cpe:2.3:a:canonical:ppp:2.4.6-3.1ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.6-3ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.7-1+1ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.7-1+2ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.7-1+2ubuntu1.16.04.1
-
cpe:2.3:a:canonical:ppp:2.4.7-1+2ubuntu1.16.04.2
-
cpe:2.3:a:canonical:ppp:2.4.7-1+2ubuntu1.16.04.3
-
cpe:2.3:a:canonical:ppp:2.4.7-1+4ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.7-1+4ubuntu2
-
cpe:2.3:a:canonical:ppp:2.4.7-1+4ubuntu3
-
cpe:2.3:a:canonical:ppp:2.4.7-1+ubuntu1.16.04.3
-
cpe:2.3:a:canonical:ppp:2.4.7-2+1ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.7-2+2ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.7-2+2ubuntu1.1
-
cpe:2.3:a:canonical:ppp:2.4.7-2+2ubuntu1.2
-
cpe:2.3:a:canonical:ppp:2.4.7-2+2ubuntu1.3
-
cpe:2.3:a:canonical:ppp:2.4.7-2+3ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.7-2+4.1ubuntu1
-
cpe:2.3:a:canonical:ppp:2.4.7-2+4.1ubuntu2
-
cpe:2.3:a:canonical:ppp:2.4.7-2+4.1ubuntu3
-
cpe:2.3:a:canonical:ppp:2.4.7-2+4.1ubuntu4
-
cpe:2.3:a:canonical:ppp:2.4.7-2+4.1ubuntu4.1
-
cpe:2.3:a:canonical:ppp:2.4.7-2+4.1ubuntu5
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:20.04