CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 1CVE-2020-8833 – Apport race condition in crash report permissions
https://notcve.org/view.php?id=CVE-2020-8833
02 Apr 2020 — Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20... • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-8831 – World writable root owned lock file created in user controllable location
https://notcve.org/view.php?id=CVE-2020-8831
02 Apr 2020 — Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in v... • https://launchpad.net/bugs/1862348 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 4CVE-2019-15790 – Apport reads PID files with elevated privileges
https://notcve.org/view.php?id=CVE-2019-15790
30 Oct 2019 — Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in th... • https://packetstorm.news/files/id/172858 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-11481 – Apport reads arbitrary files if ~/.config/apport/settings is a symlink
https://notcve.org/view.php?id=CVE-2019-11481
30 Oct 2019 — Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. Kevin Backhouse detectó que Apport leería un archivo de configuración suministrado por el usuario con privilegios elevados. Al reemplazar el archivo por un enlace simbólico, un usuario podría lograr que Apport lea cualquier archivo sobre el sistema como root, con co... • https://packetstorm.news/files/id/172858 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11482 – Race condition between reading current working directory and writing a core dump
https://notcve.org/view.php?id=CVE-2019-11482
30 Oct 2019 — Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. Sander Bos detectó una vulnerabilidad de tiempo de comprobación a tiempo de uso (TOCTTOU) en Apport que permitía al usuario causar que los archivos principales se escribieran en directorios arbitrarios. USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, a... • https://usn.ubuntu.com/usn/usn-4171-1 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11483 – Ubuntu Security Notice USN-4171-6
https://notcve.org/view.php?id=CVE-2019-11483
30 Oct 2019 — Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos detectó que Apport manejó inapropiadamente los vertederos accidentales procedentes de contenedores. Esto podría ser utilizado por un atacante local para generar un reporte de bloqueo para un proceso privilegiado que pueda ser leído por un usuario no privilegiado. USN-4171-1 fixed vulner... • https://usn.ubuntu.com/usn/usn-4171-1 •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11485 – apport created lock file in wrong directory
https://notcve.org/view.php?id=CVE-2019-11485
30 Oct 2019 — Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. Sander Bos detectó que el archivo de bloqueo de Apport estaba en un directorio de tipo world-writable que permitía a todos los usuarios impedir el manejo de bloqueos. USN-4171-1 fixed vulnerabilities in Apport. The update caused a regression when handling configuration files. This update fixes the problem, and also introduces further hardening measures. • https://usn.ubuntu.com/usn/usn-4171-1 • CWE-412: Unrestricted Externally Accessible Lock •
CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 2CVE-2019-7307 – Apport contains a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml
https://notcve.org/view.php?id=CVE-2019-7307
09 Jul 2019 — Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad,... • https://packetstorm.news/files/id/172858 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6552 – Apport treats the container PID as the global PID when /proc/<global_pid>/ is missing
https://notcve.org/view.php?id=CVE-2018-6552
31 May 2018 — Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-14179
https://notcve.org/view.php?id=CVE-2017-14179
02 Feb 2018 — Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. Apport, en versiones anteriores a la 2.13, no gestiona adecuadamente los cierres inesperados provenientes de un espacio de nombre PID, lo que permite que los usuarios locales creen ciertos archivos como root. Un atacante podría... • https://launchpad.net/bugs/1726372 • CWE-400: Uncontrolled Resource Consumption •