Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Ubuntu: USN-4451-2 Moderate: ppp Kernel Module Code Execution

ubuntu
Calendar Grey August 6, 2020
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-4500-1 highlights a vulnerability in the gdm package that permits unauthorized access to system resources and potential escalation of privileges.
ppp could be made to load arbitrary kernel modules and possibly run programs.

Summary

ppp could be made to load arbitrary kernel modules and possibly run

programs.

Software Description:

- ppp: Point-to-Point Protocol (PPP)

Details:

USN-4451-1 fixed a vulnerability in ppp. This update provides

the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Thomas Chauchefoin discovered that ppp incorrectly handled module loading.

A local attacker could use this issue to load arbitrary kernel modules and

possibly execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  ppp                             2.4.5-5.1ubuntu2.3+esm2

Ubuntu 12.04 ESM:
  ppp                             2.4.5-5ubuntu1.4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4451-2

https://ubuntu.com/security/notices/USN-4451-1

CVE-2020-15704

Severity
important
Lowest
Low
Medium
High
Critical

August 06, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here