2024-05-25 21:48:12 +02:00

### [CVE-2020-8831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8831)
![](https://img.shields.io/static/v1?label=Product&message=Apport&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.20.1%3C%202.20.1-0ubuntu2.23%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-379%20Creation%20of%20Temporary%20File%20in%20Directory%20with%20Incorrect%20Permissions&color=brighgreen)
### Description
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
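The directory handling described above, sketched beside a hardened form. This is an added example, not Apport's code and not the upstream fix. The function names, the `lock` file name and the temp-tree layout are assumptions, and the symlink scenario is constructed inside a private temporary directory.

```python
import os
import stat
import tempfile

def open_lock_unsafe(lock_dir, name="lock"):
    """Pattern from the description: reuse whatever already sits at lock_dir."""
    if not os.path.exists(lock_dir):           # follows symlinks
        os.mkdir(lock_dir)
    # Path-based open resolves a symlinked lock_dir; the file is world writable.
    fd = os.open(os.path.join(lock_dir, name), os.O_WRONLY | os.O_CREAT, 0o666)
    os.fchmod(fd, 0o666)
    return fd

def open_lock_safe(lock_dir, name="lock"):
    """Refuse a symlinked or loosely permissioned directory, then create
    the lock file relative to the validated directory descriptor."""
    try:
        os.mkdir(lock_dir, 0o755)
    except FileExistsError:
        pass                                    # validated below, not trusted
    dir_fd = os.open(lock_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        st = os.fstat(dir_fd)
        if st.st_uid != os.geteuid() or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError(f"{lock_dir}: wrong owner or writable by others")
        flags = os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW
        return os.open(name, flags, 0o600, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)

def demo():
    """Constructed scenario; returns (unsafe_redirected, safe_refused)."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "elsewhere")
        os.mkdir(target)
        lock_dir = os.path.join(root, "apport")  # stands in for /var/lock/apport
        os.symlink(target, lock_dir)             # pre-existing symlink at that path
        os.close(open_lock_unsafe(lock_dir))
        redirected = os.path.exists(os.path.join(target, "lock"))
        try:
            os.close(open_lock_safe(lock_dir))
            refused = False
        except OSError:
            refused = True
        return redirected, refused

if __name__ == "__main__":
    print(demo())
```

Creating the file through `dir_fd` ties it to the directory that was actually checked, so swapping the path after validation does not change where the lock file is created.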
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-8831