CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1242 – Ubuntu Security Notice USN-6894-1
https://notcve.org/view.php?id=CVE-2022-1242
17 May 2022 — Apport can be tricked into connecting to arbitrary sockets as the root user Se puede engañar a Apport para que se conecte a sockets arbitrarios como usuario root Muqing Liu and neoni discovered that Apport incorrectly handled detecting if an executable was replaced after a crash. A local attacker could possibly use this issue to execute arbitrary code as the root user. Gerrit Venema discovered that Apport incorrectly handled connections to Apport sockets inside containers. A local attacker could possibly us... • https://ubuntu.com/security/notices/USN-5427-1 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 175EXPL: 1CVE-2021-3710 – Apport info disclosure via path traversal bug in read_file
https://notcve.org/view.php?id=CVE-2021-3710
01 Oct 2021 — An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; Se ha detectado una divulgación de información por medio de un salto de ruta en la función read_file() del archivo apport/hookutils.py. Este... • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1933832 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-24: Path Traversal: '../filedir' •
CVSS: 6.5EPSS: 0%CPEs: 175EXPL: 1CVE-2021-3709 – Apport file permission bypass through emacs byte compilation errors
https://notcve.org/view.php?id=CVE-2021-3709
14 Sep 2021 — Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions prior to 2.20.1-0ubuntu2.30+esm2; 2.20.9 versions prior to 2.20.9-0ubuntu7.26; 2.20.11 versions prior to 2.20.11-0ubuntu27.20; 2.20.11 versions prior to 2.20.11-0ubuntu65.3; La función check_attachment_for_errors() en el archivo data/general-hooks/ubuntu.py podría ser ... • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1934308 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 1CVE-2021-32557 – apport process_report() arbitrary file write
https://notcve.org/view.php?id=CVE-2021-32557
12 Jun 2021 — It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks. Se ha detectado que la función process_report() en la ruta data/whoopsie-upload-all permitía la escritura arbitraria de archivos por medio de enlaces simbólicos • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 3.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-32556 – apport get_modified_conffiles() function command injection
https://notcve.org/view.php?id=CVE-2021-32556
12 Jun 2021 — It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call. Se ha detectado que la función get_modified_conffiles() en el archivo backends/packaging-apt-dpkg.py permitía inyectar nombres de paquetes modificados de forma que se confundía la llamada a dpkg(1) • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25683 – apport improperly parses /proc/pid/stat
https://notcve.org/view.php?id=CVE-2021-25683
11 Jun 2021 — It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel. Se descubrió que la función get_starttime() en data/apport no analizaba correctamente el archivo /proc/pid/stat del kernel • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25682 – apport improperly parses /proc/pid/status
https://notcve.org/view.php?id=CVE-2021-25682
03 Feb 2021 — It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. Se descubrió que la función get_pid_info() en data/apport no analizaba correctamente el archivo /proc/pid/status del kernel Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. Itai Greenhut discovered that Apport incorrectly handled opening certain spe... • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25684 – apport can be stalled by reading a FIFO
https://notcve.org/view.php?id=CVE-2021-25684
03 Feb 2021 — It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. Se descubrió que apport en data/apport no abría correctamente un archivo de informes para evitar lecturas colgadas en un FIFO Itai Greenhut discovered that Apport incorrectly parsed certain files in the /proc filesystem. A local attacker could use this issue to escalate privileges and run arbitrary code. Itai Greenhut discovered that Apport incorrectly handled opening certain special files. A... • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 107EXPL: 1CVE-2020-15701 – Unhandled exception in apport
https://notcve.org/view.php?id=CVE-2020-15701
05 Aug 2020 — An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6. Un atacante local puede explotar una excepción no manejada en la función check_ignored() en el archivo apport/report.py para causar una denegación de servicio. Si el atributo mtime es un v... • https://launchpad.net/bugs/1877023 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.0EPSS: 0%CPEs: 104EXPL: 0CVE-2020-15702 – TOCTOU in apport
https://notcve.org/view.php?id=CVE-2020-15702
05 Aug 2020 — TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. La vulnerabilidad de Condición de Carrera TOCTOU en apport permite a... • https://usn.ubuntu.com/4449-1 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •