CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 1CVE-2021-25684 – apport can be stalled by reading a FIFO
https://notcve.org/view.php?id=CVE-2021-25684
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO. Se descubrió que apport en data/apport no abría correctamente un archivo de informes para evitar lecturas colgadas en un FIFO • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1912326 • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 104EXPL: 0CVE-2020-15702 – TOCTOU in apport
https://notcve.org/view.php?id=CVE-2020-15702
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234. La vulnerabilidad de Condición de Carrera TOCTOU en apport permite a un atacante local escalar privilegios y ejecutar código arbitrario. • https://usn.ubuntu.com/4449-1 https://usn.ubuntu.com/4449-2 https://www.zerodayinitiative.com/advisories/ZDI-20-979 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 107EXPL: 1CVE-2020-15701 – Unhandled exception in apport
https://notcve.org/view.php?id=CVE-2020-15701
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6. Un atacante local puede explotar una excepción no manejada en la función check_ignored() en el archivo apport/report.py para causar una denegación de servicio. Si el atributo mtime es un valor de cadena en apport-ignore.xml, desencadenará una excepción no manejada, resultando en un bloqueo. • https://launchpad.net/bugs/1877023 https://usn.ubuntu.com/4449-1 https://usn.ubuntu.com/4449-2 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 1CVE-2019-7307 – Apport contains a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml
https://notcve.org/view.php?id=CVE-2019-7307
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system. Apport versiones anteriores a 2.14.1-0ubuntu3.29 + esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contenían una vulnerabilidad TOCTTOU cuando leen los usuarios el archivo ~/.apport-ignore.xml, que permite a un atacante local reemplazar este archivo con un enlace simbólico en cualquier otro archivo sobre el sistema y, por lo tanto, causar que Apport incluya el contenido de este otro archivo en el reporte del bloqueo resultante. El reporte de bloqueo podría ser leído por ese usuario provocando que sea cargado y reportado para Launchpad, o aprovechando alguna otra vulnerabilidad para leer el reporte de bloqueo resultante, y así permitir al usuario leer archivos arbitrarios en el sistema. • http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858 https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6552 – Apport treats the container PID as the global PID when /proc/<global_pid>/ is missing
https://notcve.org/view.php?id=CVE-2018-6552
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28. Apport no gestiona adecuadamente los cierres inesperados provenientes de un espacio de nombre PID, lo que permite que los usuarios locales creen ciertos archivos como root. • https://usn.ubuntu.com/3664-2 https://usn.ubuntu.com/usn/usn-3664-1 •