SecuritySpace - CVE-2020-15704

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2020-15704

Description: The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.

Test IDs: 1.3.6.1.4.1.25623.1.0.844524 1.3.6.1.4.1.25623.1.1.12.2020.4451.2

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2020-15704
https://ubuntu.com/security/notices/USN-4451-1
https://ubuntu.com/security/notices/USN-4451-2

CVE ID:	CVE-2020-15704
Description:	The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504.
Test IDs:	1.3.6.1.4.1.25623.1.0.844524 1.3.6.1.4.1.25623.1.1.12.2020.4451.2
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2020-15704 https://ubuntu.com/security/notices/USN-4451-1 https://ubuntu.com/security/notices/USN-4451-2