Bug 1866491 (CVE-2020-15704)
| Summary: | CVE-2020-15704 ppp: Privilege escalation through loading of arbitrary kernel modules and other programs | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | allarkin, jaskalnik, jskarvad, jsynacek, msekleta, thozza |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw in the Linux ppp daemon functionality was found in the way possibility of unexpected loading ppp_generic module during ppp daemon startup.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-08-24 21:15:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1866492 | ||
| Bug Blocks: | 1866493 | ||
|
Description
Pedro Sampaio
2020-08-05 17:42:37 UTC
Created ppp tracking bugs for this issue: Affects: fedora-all [bug 1866492] Could you please provide more information? From the Ubuntu link you provided it seems the problem was in Ubuntu downstream patch we never shipped in Fedora. Also I don't understand how this could be security problem. If the malicious user who is running ppp has already permissions to use modprobe and install kernel modules to filesystem, she or he could modprobe/run the malicious code by themselves and they don't need to exploit ppp. (In reply to Jaroslav Škarvada from comment #2) > Could you please provide more information? From the Ubuntu link you provided > it seems the problem was in Ubuntu downstream patch we never shipped in > Fedora. > > Also I don't understand how this could be security problem. If the malicious > user who is running ppp has already permissions to use modprobe and install > kernel modules to filesystem, she or he could modprobe/run the malicious > code by themselves and they don't need to exploit ppp. Hi Alexander, Can you help with this inquiry? I couldn't find much more info. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15704 External References: http://launchpadlibrarian.net/491880980/ppp_2.4.7-2+4.1ubuntu5_2.4.7-2+4.1ubuntu6.diff.gz http://forum.xbian.org/thread-1748-post-18231.html#pid18231 Statement: Red Hat Product Security does not consider this to be a vulnerability in a Red Hat product as this issue resides in Ubuntu specific patch. Moreover, the described problem that ppp daemon can load module ppp_generic on startup, and this considered to be potentially dangerous, because user can install fake ppp_generic module instead of real. However, only user with high privileges can install new ppp_generic module to correct path for modprobe, so if user have high privileges, then he can load any module he wants anyway. |