CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28652 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-28652
17 May 2022 — ~/.config/apport/settings parsing is vulnerable to "billion laughs" attack ~/.config/apport/settings el análisis es vulnerable al ataque de "billion laughs" Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use thi... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28654 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-28654
17 May 2022 — is_closing_session() allows users to fill up apport.log is_closing_session() permite a los usuarios completar apport.log Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue to connect to arbitrary sock... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28656 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-28656
17 May 2022 — is_closing_session() allows users to consume RAM in the Apport process is_closing_session() permite a los usuarios consumir RAM en el proceso de Apport Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this iss... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28657 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-28657
17 May 2022 — Apport does not disable python crash handler before entering chroot Apport no desactiva el controlador de fallos de Python antes de ingresar a chroot Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use this issue... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28658 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-28658
17 May 2022 — Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing El análisis de argumentos de Apport maneja mal la división de nombres de archivos en núcleos más antiguos, lo que resulta en suplantación de argumentos Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly... • https://ubuntu.com/security/notices/USN-5427-1 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-28655 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-28655
17 May 2022 — is_closing_session() allows users to create arbitrary tcp dbus connections is_closing_session() permite a los usuarios crear conexiones tcp dbus arbitrarias Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly use thi... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 1CVE-2020-8833 – Apport race condition in crash report permissions
https://notcve.org/view.php?id=CVE-2020-8833
02 Apr 2020 — Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20... • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-8831 – World writable root owned lock file created in user controllable location
https://notcve.org/view.php?id=CVE-2020-8831
02 Apr 2020 — Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in v... • https://launchpad.net/bugs/1862348 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 4CVE-2019-15790 – Apport reads PID files with elevated privileges
https://notcve.org/view.php?id=CVE-2019-15790
30 Oct 2019 — Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in th... • https://packetstorm.news/files/id/172858 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-11481 – Apport reads arbitrary files if ~/.config/apport/settings is a symlink
https://notcve.org/view.php?id=CVE-2019-11481
30 Oct 2019 — Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. Kevin Backhouse detectó que Apport leería un archivo de configuración suministrado por el usuario con privilegios elevados. Al reemplazar el archivo por un enlace simbólico, un usuario podría lograr que Apport lea cualquier archivo sobre el sistema como root, con co... • https://packetstorm.news/files/id/172858 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •