CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11483
https://notcve.org/view.php?id=CVE-2019-11483
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Sander Bos detectó que Apport manejó inapropiadamente los vertederos accidentales procedentes de contenedores. Esto podría ser utilizado por un atacante local para generar un reporte de bloqueo para un proceso privilegiado que pueda ser leído por un usuario no privilegiado. • https://usn.ubuntu.com/usn/usn-4171-1 https://usn.ubuntu.com/usn/usn-4171-2 •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11485 – apport created lock file in wrong directory
https://notcve.org/view.php?id=CVE-2019-11485
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. Sander Bos detectó que el archivo de bloqueo de Apport estaba en un directorio de tipo world-writable que permitía a todos los usuarios impedir el manejo de bloqueos. • https://usn.ubuntu.com/usn/usn-4171-1 https://usn.ubuntu.com/usn/usn-4171-2 • CWE-412: Unrestricted Externally Accessible Lock •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11481 – Apport reads arbitrary files if ~/.config/apport/settings is a symlink
https://notcve.org/view.php?id=CVE-2019-11481
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. Kevin Backhouse detectó que Apport leería un archivo de configuración suministrado por el usuario con privilegios elevados. Al reemplazar el archivo por un enlace simbólico, un usuario podría lograr que Apport lea cualquier archivo sobre el sistema como root, con consecuencias desconocidas. • http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html https://usn.ubuntu.com/usn/usn-4171-1 https://usn.ubuntu.com/usn/usn-4171-2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2019-11482 – Race condition between reading current working directory and writing a core dump
https://notcve.org/view.php?id=CVE-2019-11482
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. Sander Bos detectó una vulnerabilidad de tiempo de comprobación a tiempo de uso (TOCTTOU) en Apport que permitía al usuario causar que los archivos principales se escribieran en directorios arbitrarios. • https://usn.ubuntu.com/usn/usn-4171-1 https://usn.ubuntu.com/usn/usn-4171-2 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 3CVE-2019-15790 – Apport reads PID files with elevated privileges
https://notcve.org/view.php?id=CVE-2019-15790
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. • http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html https://bugs.launchpad.net/apport/+bug/1854237 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806 https://usn.ubuntu.com/4171-1 https://usn.ubuntu.com/4171-2 https://usn.ubuntu.com/4171-3 https://usn.ubuntu.com/4171-4 https://usn.u • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •