UBUNTU-CVE-2020-13696

Source
https://ubuntu.com/security/CVE-2020-13696
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-13696.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-13696
Published
2020-06-08T17:15:00Z
Modified
2024-10-15T14:07:29Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
[none]
Details

An issue was discovered in LinuxTV xawtv before 3.107. The function devopen() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command.

Affected packages

Ubuntu:16.04:LTS / xawtv

Package

Name
xawtv
Purl
pkg:deb/ubuntu/xawtv?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.103-3+deb8u1build0.16.04.1

Affected versions

3.*

3.103-3
3.103-3build1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "alevtd"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "alevtd-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "fbtv"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "fbtv-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "pia"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "pia-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "radio"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "radio-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "scantv"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "scantv-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "streamer"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "streamer-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "ttv"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "ttv-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "v4l-conf"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "v4l-conf-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "webcam"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "webcam-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "xawtv"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "xawtv-dbg"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "xawtv-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "xawtv-plugin-qt"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "xawtv-plugin-qt-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "xawtv-plugins"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "xawtv-plugins-dbgsym"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "xawtv-tools"
        },
        {
            "binary_version": "3.103-3+deb8u1build0.16.04.1",
            "binary_name": "xawtv-tools-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / xawtv

Package

Name
xawtv
Purl
pkg:deb/ubuntu/xawtv?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.103-4build1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / xawtv

Package

Name
xawtv
Purl
pkg:deb/ubuntu/xawtv?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

3.*

3.106-1

Ecosystem specific

{
    "ubuntu_priority": "low"
}