// For flags

CVE-2019-7307

Apport contains a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml

Severity Score

7.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.

Apport versiones anteriores a 2.14.1-0ubuntu3.29 + esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contenían una vulnerabilidad TOCTTOU cuando leen los usuarios el archivo ~/.apport-ignore.xml, que permite a un atacante local reemplazar este archivo con un enlace simbólico en cualquier otro archivo sobre el sistema y, por lo tanto, causar que Apport incluya el contenido de este otro archivo en el reporte del bloqueo resultante. El reporte de bloqueo podría ser leído por ese usuario provocando que sea cargado y reportado para Launchpad, o aprovechando alguna otra vulnerabilidad para leer el reporte de bloqueo resultante, y así permitir al usuario leer archivos arbitrarios en el sistema.

*Credits: Kevin Backhouse of Semmle Security Research Team
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-02-01 CVE Reserved
  • 2019-07-09 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apport Project
Search vendor "Apport Project"
 Apport
Search vendor "Apport Project" for product "Apport"
 2.14.1
Search vendor "Apport Project" for product "Apport" and version "2.14.1"
-
Affected
in Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
esm
Safe
Apport Project
Search vendor "Apport Project"
 Apport
Search vendor "Apport Project" for product "Apport"
 2.20.1
Search vendor "Apport Project" for product "Apport" and version "2.20.1"
-
Affected
in Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Safe
Apport Project
Search vendor "Apport Project"
 Apport
Search vendor "Apport Project" for product "Apport"
 2.20.9
Search vendor "Apport Project" for product "Apport" and version "2.20.9"
-
Affected
in Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 18.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"
lts
Safe
Apport Project
Search vendor "Apport Project"
 Apport
Search vendor "Apport Project" for product "Apport"
 2.20.10
Search vendor "Apport Project" for product "Apport" and version "2.20.10"
-
Affected
in Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 19.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10"
-
Safe
Apport Project
Search vendor "Apport Project"
 Apport
Search vendor "Apport Project" for product "Apport"
 2.20.10
Search vendor "Apport Project" for product "Apport" and version "2.20.10"
-
Affected
in Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 19.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04"
-
Safe