
CVE-2020-15702 – TOCTOU in apport
https://notcve.org/view.php?id=CVE-2020-15702
05 Aug 2020 — TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. • https://usn.ubuntu.com/4449-1 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2019-7307 – Apport contains a TOCTTOU vulnerability when reading the user's ~/.apport-ignore.xml
https://notcve.org/view.php?id=CVE-2019-7307
09 Jul 2019 — Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the user's ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad,... • https://packetstorm.news/files/id/172858 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2018-6552 – Apport treats the container PID as the global PID when /proc/<global_pid>/ is missing
https://notcve.org/view.php?id=CVE-2018-6552
31 May 2018 — Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/