Don’t underestimate low-risk vulnerabilities (CVE-2020-15709). A simple method can be circumvented in Linux. 5th Sep 2020

Preface: The current Linux desktop market share is between 1.74 – 2.18%, according to the usage share of operating systems. In April 2019, Linux’s desktop market share was estimated to be 1.63%. Of all Linux users, 38.2% use Ubuntu as of May 2019. 21.5% of users rely on Debian.

Background: PPA – Personal Package Archives allow you to upload Ubuntu source packages to be built and published as an apt repository by Launchpad.

Vulnerability details: Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways.

Design limitation: A terminal escape sequence is a special sequence of characters that is printed. If the terminal understands the sequence, it won’t display the character-sequence, but will perform some action. Please refer to the attached drawings for details.

Official reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15709

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.