CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 2CVE-2019-7307 – Apport contains a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml
https://notcve.org/view.php?id=CVE-2019-7307
09 Jul 2019 — Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad,... • https://packetstorm.news/files/id/172858 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6552 – Apport treats the container PID as the global PID when /proc/<global_pid>/ is missing
https://notcve.org/view.php?id=CVE-2018-6552
31 May 2018 — Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-14177 – Ubuntu Security Notice USN-3480-2
https://notcve.org/view.php?id=CVE-2017-14177
16 Nov 2017 — Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. Apport, hasta la versión 2.20.7, no gestiona adecuadamente lo volcados de núcleo de binarios setuid, lo que permite que los usuarios locales creen ciertos archivos como root. Un ... • https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-14180 – Ubuntu Security Notice USN-3480-2
https://notcve.org/view.php?id=CVE-2017-14180
16 Nov 2017 — Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. Apport 2.13 hasta la versión 2.20.7 no gestiona adecuadamente los cierres inesperados provenientes de un espacio de nombre PID, lo que permite que los usuarios locales creen ciertos archivos como r... • https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 • CWE-400: Uncontrolled Resource Consumption •