Vulnerabilites related to apport_project - apport
Vulnerability from fkie_nvd
Published
2024-06-04 22:15
Modified
2024-11-21 06:57
Severity ?
Summary
is_closing_session() allows users to consume RAM in the Apport process
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2022-28656 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cve.org/CVERecord?id=CVE-2022-28656 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 21.10 | |
| canonical | ubuntu_linux | 22.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92D087-0439-48BE-9B32-5156B335A145",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*",
"matchCriteriaId": "3D94DA3B-FA74-4526-A0A0-A872684598C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to consume RAM in the Apport process"
},
{
"lang": "es",
"value": "is_closing_session() permite a los usuarios consumir RAM en el proceso de Apport"
}
],
"id": "CVE-2022-28656",
"lastModified": "2024-11-21T06:57:40.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T22:15:10.007",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28656"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 22:15
Modified
2024-11-21 06:57
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2022-28658 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cve.org/CVERecord?id=CVE-2022-28658 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 21.10 | |
| canonical | ubuntu_linux | 22.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92D087-0439-48BE-9B32-5156B335A145",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*",
"matchCriteriaId": "3D94DA3B-FA74-4526-A0A0-A872684598C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing"
},
{
"lang": "es",
"value": "El an\u00e1lisis de argumentos de Apport maneja mal la divisi\u00f3n de nombres de archivos en n\u00facleos m\u00e1s antiguos, lo que resulta en suplantaci\u00f3n de argumentos"
}
],
"id": "CVE-2022-28658",
"lastModified": "2024-11-21T06:57:40.303",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-04T22:15:10.153",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28658"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-29 15:15
Modified
2024-11-21 04:47
Severity ?
Summary
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | 2.14.1 | |
| canonical | ubuntu_linux | 14.04 | |
| apport_project | apport | 2.20.1 | |
| canonical | ubuntu_linux | 16.04 | |
| apport_project | apport | 2.20.9 | |
| canonical | ubuntu_linux | 18.04 | |
| apport_project | apport | 2.20.10 | |
| canonical | ubuntu_linux | 19.10 | |
| apport_project | apport | 2.20.10 | |
| canonical | ubuntu_linux | 19.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:2.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CBC4B18-529F-4AAE-BCFE-6F8ACA5346B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:2.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55EA2A0-01E7-4816-ACBE-497296FAE0D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:2.20.9:*:*:*:*:*:*:*",
"matchCriteriaId": "01B2C2C2-E12D-4DD2-9162-2ABBE91454BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:2.20.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6949CF5B-69ED-41B7-B9C4-3A84D4ACF150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:2.20.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6949CF5B-69ED-41B7-B9C4-3A84D4ACF150",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system."
},
{
"lang": "es",
"value": "Apport versiones anteriores a 2.14.1-0ubuntu3.29 + esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 conten\u00edan una vulnerabilidad TOCTTOU cuando leen los usuarios el archivo ~/.apport-ignore.xml, que permite a un atacante local reemplazar este archivo con un enlace simb\u00f3lico en cualquier otro archivo sobre el sistema y, por lo tanto, causar que Apport incluya el contenido de este otro archivo en el reporte del bloqueo resultante. El reporte de bloqueo podr\u00eda ser le\u00eddo por ese usuario provocando que sea cargado y reportado para Launchpad, o aprovechando alguna otra vulnerabilidad para leer el reporte de bloqueo resultante, y as\u00ed permitir al usuario leer archivos arbitrarios en el sistema."
}
],
"id": "CVE-2019-7307",
"lastModified": "2024-11-21T04:47:58.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "security@ubuntu.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T15:15:11.370",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 22:15
Modified
2024-11-21 06:57
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Apport does not disable python crash handler before entering chroot
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2022-28657 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cve.org/CVERecord?id=CVE-2022-28657 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 21.10 | |
| canonical | ubuntu_linux | 22.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92D087-0439-48BE-9B32-5156B335A145",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*",
"matchCriteriaId": "3D94DA3B-FA74-4526-A0A0-A872684598C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apport does not disable python crash handler before entering chroot"
},
{
"lang": "es",
"value": "Apport no desactiva el controlador de fallos de Python antes de ingresar a chroot"
}
],
"id": "CVE-2022-28657",
"lastModified": "2024-11-21T06:57:40.123",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-04T22:15:10.087",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28657"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-22 22:15
Modified
2024-11-21 05:39
Severity ?
5.6 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933 | Exploit, Third Party Advisory | |
| security@ubuntu.com | https://usn.ubuntu.com/4315-1/ | Third Party Advisory | |
| security@ubuntu.com | https://usn.ubuntu.com/4315-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4315-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4315-2/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| apport_project | apport | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47363193-B4DB-4654-BFAC-373426212337",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Condici\u00f3n de Carrera de tipo Time-of-check Time-of-use en el cambio de propiedad del reporte de bloqueo en Apport, permite una posible oportunidad de escalada de privilegios. Si fs.protected_symlinks est\u00e1 deshabilitado, esto puede ser explotado entre las llamadas de os.open y os.chown cuando el script cron de Apport borra los archivos bloqueados de tama\u00f1o 0. Un enlace simb\u00f3lico con el mismo nombre que el archivo eliminado puede entonces ser creado a partir de que chown ser\u00eda llamado, cambiando el propietario del archivo a root. Corregido en las versiones 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 y 2.20.11-0ubuntu22."
}
],
"id": "CVE-2020-8833",
"lastModified": "2024-11-21T05:39:31.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-22T22:15:12.577",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4315-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4315-2/"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-02 14:29
Modified
2024-11-21 03:12
Severity ?
Summary
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 | Issue Tracking, Third Party Advisory | |
| security@ubuntu.com | https://launchpad.net/bugs/1726372 | Issue Tracking, Third Party Advisory | |
| security@ubuntu.com | https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177 | Third Party Advisory | |
| security@ubuntu.com | https://usn.ubuntu.com/usn/usn-3480-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/bugs/1726372 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-3480-1 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2519820-9513-4C0E-AF95-639587329310",
"versionEndIncluding": "2.20.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324."
},
{
"lang": "es",
"value": "Apport, hasta la versi\u00f3n 2.20.7, no gestiona adecuadamente lo volcados de n\u00facleo de binarios setuid, lo que permite que los usuarios locales creen ciertos archivos como root. Un atacante podr\u00eda aprovechar estos archivos para realizar una denegaci\u00f3n de servicio (DoS) mediante el agotamiento de recursos o, posiblemente, obtener privilegios root. NOTA: Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2015-1324."
}
],
"id": "CVE-2017-14177",
"lastModified": "2024-11-21T03:12:18.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-02T14:29:00.263",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1726372"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1726372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-08 05:15
Modified
2024-11-21 04:21
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://usn.ubuntu.com/usn/usn-4171-1 | Third Party Advisory | |
| security@ubuntu.com | https://usn.ubuntu.com/usn/usn-4171-2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-4171-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-4171-2 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | - | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47363193-B4DB-4654-BFAC-373426212337",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user."
},
{
"lang": "es",
"value": "Sander Bos detect\u00f3 que Apport manej\u00f3 inapropiadamente los vertederos accidentales procedentes de contenedores. Esto podr\u00eda ser utilizado por un atacante local para generar un reporte de bloqueo para un proceso privilegiado que pueda ser le\u00eddo por un usuario no privilegiado."
}
],
"id": "CVE-2019-11483",
"lastModified": "2024-11-21T04:21:10.473",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 5.3,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-08T05:15:13.290",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-22 22:15
Modified
2024-11-21 05:39
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://launchpad.net/bugs/1862348 | Exploit, Third Party Advisory | |
| security@ubuntu.com | https://usn.ubuntu.com/4315-1/ | Third Party Advisory | |
| security@ubuntu.com | https://usn.ubuntu.com/4315-2/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/bugs/1862348 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4315-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4315-2/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.10 | |
| apport_project | apport | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47363193-B4DB-4654-BFAC-373426212337",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport\u0027s lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
},
{
"lang": "es",
"value": "Apport crea un archivo de bloqueo de tipo world writable con propiedad root en el directorio /var/lock/apport de tipo world writable. Si el directorio apport/ no existe (esto no es raro ya que /var/lock es un tmpfs), crear\u00e1 el directorio, de lo contrario, simplemente continuar\u00e1 la ejecuci\u00f3n usando el directorio existente. Esto permite un ataque de tipo symlink si un atacante creara un enlace simb\u00f3lico en el directorio /var/lock/apport, cambiando la ubicaci\u00f3n del archivo de bloqueo de apport. Este archivo podr\u00eda ser utilizado para escalar privilegios, por ejemplo. Corregido en las versiones 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 y 2.20.11-0ubuntu22."
}
],
"id": "CVE-2020-8831",
"lastModified": "2024-11-21T05:39:31.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-22T22:15:12.513",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1862348"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4315-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1862348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4315-2/"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-379"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-17 03:59
Modified
2024-11-21 03:02
Severity ?
Summary
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A18E-418A-47E5-8D6D-19996D80DB42",
"versionEndIncluding": "2.20.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK."
},
{
"lang": "es",
"value": "Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. Un archivo de bloqueo Apport malicioso puede contener un comando de restauraci\u00f3n en campos `RespawnCommand` o `ProcCmdline`. Este comando se ejecutar\u00e1 si un usuario hace click en el bot\u00f3n Relaunch en el prompt Apport desde el archivo de bloqueo malicioso. La soluci\u00f3n est\u00e1 en \u00fanicamente mostrar el bot\u00f3n Relaunch en archivos de bloqueo Apport generados por los sistemas locales. El bot\u00f3n Relaunch se esconder\u00e1 cuando archivos de bloqueo se abran directamente en Apport-GTK."
}
],
"id": "CVE-2016-9951",
"lastModified": "2024-11-21T03:02:03.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-17T03:59:00.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/40937/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 22:15
Modified
2024-11-21 06:57
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
is_closing_session() allows users to create arbitrary tcp dbus connections
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2022-28655 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cve.org/CVERecord?id=CVE-2022-28655 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 21.10 | |
| canonical | ubuntu_linux | 22.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92D087-0439-48BE-9B32-5156B335A145",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*",
"matchCriteriaId": "3D94DA3B-FA74-4526-A0A0-A872684598C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to create arbitrary tcp dbus connections"
},
{
"lang": "es",
"value": "is_closing_session() permite a los usuarios crear conexiones tcp dbus arbitrarias"
}
],
"id": "CVE-2022-28655",
"lastModified": "2024-11-21T06:57:39.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-04T22:15:09.940",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-17 17:59
Modified
2024-11-21 02:25
Severity ?
Summary
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | 2.13 | |
| apport_project | apport | 2.13.1 | |
| apport_project | apport | 2.13.2 | |
| apport_project | apport | 2.13.3 | |
| apport_project | apport | 2.14 | |
| apport_project | apport | 2.14.1 | |
| apport_project | apport | 2.14.2 | |
| apport_project | apport | 2.14.3 | |
| apport_project | apport | 2.14.4 | |
| apport_project | apport | 2.14.5 | |
| apport_project | apport | 2.14.6 | |
| apport_project | apport | 2.14.7 | |
| apport_project | apport | 2.15 | |
| apport_project | apport | 2.15.1 | |
| apport_project | apport | 2.16 | |
| apport_project | apport | 2.16.1 | |
| apport_project | apport | 2.16.2 | |
| apport_project | apport | 2.17 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7C587160-F938-4C50-A576-9340C25C4C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "620CA03F-1870-43C5-A461-74187F190234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "744360E3-1C77-4903-A233-642C46BDB08B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.13.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB2B501-A32A-4A6D-AF0C-6BC371753466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D1B30C-509A-4C50-B42E-D5A9CCB9D985",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CBC4B18-529F-4AAE-BCFE-6F8ACA5346B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1E166C-4173-41CC-9011-6154F9879934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4C9CE4-9950-4B16-B5E8-77CC271276AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.14.4:*:*:*:*:*:*:*",
"matchCriteriaId": "18DE4F32-1F3C-47ED-ACE2-399B5BEB3E8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.14.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D811E6BA-6E1D-4E3A-8658-41DDC436F8D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.14.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11AEDA35-3CCC-42AD-A7CD-2A02EAA8301E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.14.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8319DD9F-0B18-43AA-A6E8-368CA9D56CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "A2CC60CF-F046-4EEA-94AC-B5678CEFCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3838106-FD5A-41D4-AC89-AFBE0BA8E9A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C450F1A1-D6E0-4D50-806F-C84168E94CB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "838FF491-4F6B-4E51-888E-5C62D647EC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2098B517-F8A7-4675-B57F-57A8B790DFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apport_project:apport:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9F8E6F-D879-4ADE-BBF1-A92C36DD9FCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container)."
},
{
"lang": "es",
"value": "La caracter\u00edstica de informes de ca\u00eddas en Apport 2.13 hasta 2.17.x anterior a 2.17.1 permite a usuarios locales ganar privilegios a trav\u00e9s de un fichero usr/share/apport/apport manipulado en un espacio de nombre (contenedor)."
}
],
"id": "CVE-2015-1318",
"lastModified": "2024-11-21T02:25:09.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-17T17:59:01.420",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://www.osvdb.org/120803"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-2569-1"
},
{
"source": "security@ubuntu.com",
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch"
],
"url": "https://launchpad.net/apport/trunk/2.17.1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/36782/"
},
{
"source": "security@ubuntu.com",
"url": "https://www.exploit-db.com/exploits/43971/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/120803"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2569-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://launchpad.net/apport/trunk/2.17.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/36782/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/43971/"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-18 20:29
Modified
2024-11-21 03:06
Severity ?
Summary
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://launchpad.net/bugs/1700573 | Third Party Advisory | |
| cve@mitre.org | https://launchpad.net/ubuntu/+source/apport/+changelog | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/bugs/1700573 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/ubuntu/+source/apport/+changelog | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44F317CA-0246-45C3-9003-F6C463C329A4",
"versionEndIncluding": "2.20.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file."
},
{
"lang": "es",
"value": "Fue detectado un problema en Apport hasta la versi\u00f3n 2.20.x. En el archivo apport/report.py, Apport establece el campo ExecutablePath y, a entonces, usa la ruta (path) de acceso para ejecutar enlaces espec\u00edficos del paquete sin proteger contra el salto de ruta (path) de acceso. Esto permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo .crash creado."
}
],
"id": "CVE-2017-10708",
"lastModified": "2024-11-21T03:06:19.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-18T20:29:00.200",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1700573"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://launchpad.net/ubuntu/+source/apport/+changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1700573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://launchpad.net/ubuntu/+source/apport/+changelog"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-08 05:15
Modified
2024-11-21 04:21
Severity ?
4.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://usn.ubuntu.com/usn/usn-4171-1 | Third Party Advisory | |
| security@ubuntu.com | https://usn.ubuntu.com/usn/usn-4171-2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-4171-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-4171-2 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| apport_project | apport | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47363193-B4DB-4654-BFAC-373426212337",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories."
},
{
"lang": "es",
"value": "Sander Bos detect\u00f3 una vulnerabilidad de tiempo de comprobaci\u00f3n a tiempo de uso (TOCTTOU) en Apport que permit\u00eda al usuario causar que los archivos principales se escribieran en directorios arbitrarios."
}
],
"id": "CVE-2019-11482",
"lastModified": "2024-11-21T04:21:10.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 2.7,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-08T05:15:13.150",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-17 03:59
Modified
2024-11-21 03:02
Severity ?
Summary
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A18E-418A-47E5-8D6D-19996D80DB42",
"versionEndIncluding": "2.20.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4B26F2-78C2-4B15-8A31-5B8399492E97",
"versionEndIncluding": "12.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system."
},
{
"lang": "es",
"value": "Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. Hay un problema de salto de ruta en campos Apport crash file \"Package\" y \"SourcePackage\". Estos campos se utilizan para construir una ruta a los archivos gancho espec\u00edficos del paquete en el directorio /usr/share/apport/package-hooks/. Un ataque puede explotar este salto de ruta para ejecutar archivos Python arbitrarios desde un sistema local."
}
],
"id": "CVE-2016-9950",
"lastModified": "2024-11-21T03:02:03.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-17T03:59:00.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/40937/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-02 14:29
Modified
2024-11-21 03:12
Severity ?
Summary
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 | Issue Tracking, Third Party Advisory | |
| security@ubuntu.com | https://launchpad.net/bugs/1726372 | Issue Tracking, Third Party Advisory | |
| security@ubuntu.com | https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180 | Third Party Advisory | |
| security@ubuntu.com | https://usn.ubuntu.com/usn/usn-3480-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/bugs/1726372 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-3480-1 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBD0C3D-87F4-4B78-B12B-1E676FBE9698",
"versionEndIncluding": "2.20.7",
"versionStartIncluding": "2.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179."
},
{
"lang": "es",
"value": "Apport 2.13 hasta la versi\u00f3n 2.20.7 no gestiona adecuadamente los cierres inesperados provenientes de un espacio de nombre PID, lo que permite que los usuarios locales creen ciertos archivos como root. Un atacante podr\u00eda aprovechar estos archivos para realizar una denegaci\u00f3n de servicio (DoS) mediante el agotamiento de recursos o, posiblemente, obtener privilegios root. Esta vulnerabilidad es diferente de CVE-2017-14179."
}
],
"id": "CVE-2017-14180",
"lastModified": "2024-11-21T03:12:18.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-02T14:29:00.467",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1726372"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1726372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-08 05:15
Modified
2024-11-21 04:21
Severity ?
3.8 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 | |
| apport_project | apport | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47363193-B4DB-4654-BFAC-373426212337",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences."
},
{
"lang": "es",
"value": "Kevin Backhouse detect\u00f3 que Apport leer\u00eda un archivo de configuraci\u00f3n suministrado por el usuario con privilegios elevados. Al reemplazar el archivo por un enlace simb\u00f3lico, un usuario podr\u00eda lograr que Apport lea cualquier archivo sobre el sistema como root, con consecuencias desconocidas."
}
],
"id": "CVE-2019-11481",
"lastModified": "2024-11-21T04:21:10.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-08T05:15:12.527",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-08 05:15
Modified
2024-11-21 04:21
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://usn.ubuntu.com/usn/usn-4171-1 | Third Party Advisory | |
| security@ubuntu.com | https://usn.ubuntu.com/usn/usn-4171-2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-4171-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-4171-2 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | - | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47363193-B4DB-4654-BFAC-373426212337",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sander Bos discovered Apport\u0027s lock file was in a world-writable directory which allowed all users to prevent crash handling."
},
{
"lang": "es",
"value": "Sander Bos detect\u00f3 que el archivo de bloqueo de Apport estaba en un directorio de tipo world-writable que permit\u00eda a todos los usuarios impedir el manejo de bloqueos."
}
],
"id": "CVE-2019-11485",
"lastModified": "2024-11-21T04:21:10.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-08T05:15:13.807",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-412"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 22:15
Modified
2024-11-21 06:57
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
is_closing_session() allows users to fill up apport.log
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2022-28654 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cve.org/CVERecord?id=CVE-2022-28654 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 21.10 | |
| canonical | ubuntu_linux | 22.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92D087-0439-48BE-9B32-5156B335A145",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:-:*:*:*",
"matchCriteriaId": "3D94DA3B-FA74-4526-A0A0-A872684598C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to fill up apport.log"
},
{
"lang": "es",
"value": "is_closing_session() permite a los usuarios completar apport.log"
}
],
"id": "CVE-2022-28654",
"lastModified": "2024-11-21T06:57:39.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-06-04T22:15:09.870",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28654"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-10-01 20:59
Modified
2024-11-21 02:25
Severity ?
Summary
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 15.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E804BB30-CDC6-4114-AD91-5497E880A459",
"versionEndIncluding": "2.18.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log."
},
{
"lang": "es",
"value": "kernel_crashdump en Apport en versiones anteriores a 2.19, permite a usuarios locales provocar una denegaci\u00f3n de servicio (consumo de disco) o posiblemente obtener privilegios a trav\u00e9s de un ataque de enlace (1) simb\u00f3lico o (2) duro en /var/crash/vmcore.log."
}
],
"id": "CVE-2015-1338",
"lastModified": "2024-11-21T02:25:12.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-01T20:59:02.007",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html"
},
{
"source": "security@ubuntu.com",
"url": "http://seclists.org/fulldisclosure/2015/Sep/101"
},
{
"source": "security@ubuntu.com",
"tags": [
"Exploit"
],
"url": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-2744-1"
},
{
"source": "security@ubuntu.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch"
],
"url": "https://launchpad.net/apport/trunk/2.19"
},
{
"source": "security@ubuntu.com",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/38353/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Sep/101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2744-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://launchpad.net/apport/trunk/2.19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.exploit-db.com/exploits/38353/"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-12-17 03:59
Modified
2024-11-21 03:02
Severity ?
Summary
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14E2A18E-418A-47E5-8D6D-19996D80DB42",
"versionEndIncluding": "2.20.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4B26F2-78C2-4B15-8A31-5B8399492E97",
"versionEndIncluding": "12.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a \"{\". This allows remote attackers to execute arbitrary Python code."
},
{
"lang": "es",
"value": "Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. En apport/ui.py, Apport lee el campo CashDB y despu\u00e9s eval\u00faa el campo como c\u00f3digo Python si comienza con un \"{\". Esto permite a atacantes remotos ejecutar c\u00f3digo Python arbitrario."
}
],
"id": "CVE-2016-9949",
"lastModified": "2024-11-21T03:02:03.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-12-17T03:59:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/40937/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-06-04 22:15
Modified
2024-11-21 06:57
Severity ?
Summary
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2022-28652 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ubuntu.com/security/notices/USN-5427-1 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cve.org/CVERecord?id=CVE-2022-28652 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 21.10 | |
| canonical | ubuntu_linux | 22.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD92D087-0439-48BE-9B32-5156B335A145",
"versionEndExcluding": "2.21.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "~/.config/apport/settings parsing is vulnerable to \"billion laughs\" attack"
},
{
"lang": "es",
"value": "~/.config/apport/settings el an\u00e1lisis es vulnerable al ataque de \"billion laughs\""
}
],
"id": "CVE-2022-28652",
"lastModified": "2024-11-21T06:57:39.520",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-06-04T22:15:09.780",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28652"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-776"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-28 00:15
Modified
2024-11-21 04:29
Severity ?
2.8 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | - | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 19.04 | |
| canonical | ubuntu_linux | 19.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47363193-B4DB-4654-BFAC-373426212337",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
"matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3."
},
{
"lang": "es",
"value": "Apport lee y escribe informaci\u00f3n sobre un proceso bloqueado en /proc/pid con privilegios elevados. Apport determina a qu\u00e9 usuario pertenece el proceso bloqueado leyendo /proc/pid por medio de la funci\u00f3n get_pid_info() en el archivo data/apport. Un usuario no privilegiado podr\u00eda aprovechar esto para leer informaci\u00f3n sobre un proceso de ejecuci\u00f3n privilegiado al explotar el reciclaje PID. Esta informaci\u00f3n podr\u00eda ser usada para obtener compensaciones de ASLR para un proceso con una vulnerabilidad de corrupci\u00f3n de la memoria existente. La correcci\u00f3n inicial introdujo regresiones en la biblioteca Python de Apport debido a la falta de argumento en Report.add_proc_environ en apport/report.py. Tambi\u00e9n caus\u00f3 un fallo de autopkgtest cuando se lee /proc/pid y con la compatibilidad con Python 2 por medio de la lectura de mapas /proc. Las correcciones de regresi\u00f3n iniciales y posteriores est\u00e1n en las versiones 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 y 2.14.1-0ubuntu3.29+esm3."
}
],
"id": "CVE-2019-15790",
"lastModified": "2024-11-21T04:29:28.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 1.4,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-28T00:15:12.913",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/apport/+bug/1854237"
},
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
},
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
},
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4171-1/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4171-2/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4171-3/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4171-4/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4171-5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/apport/+bug/1854237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4171-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4171-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4171-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4171-4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4171-5/"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
}
],
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-02 14:29
Modified
2024-11-21 03:12
Severity ?
Summary
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://launchpad.net/bugs/1726372 | Issue Tracking, Third Party Advisory | |
| security@ubuntu.com | https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/bugs/1726372 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 17.04 | |
| canonical | ubuntu_linux | 17.10 | |
| canonical | ubuntu_linux | 18.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*",
"matchCriteriaId": "346D6903-A9B3-491B-8C4F-0506F18E7EAD",
"versionEndExcluding": "2.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers."
},
{
"lang": "es",
"value": "Apport, en versiones anteriores a la 2.13, no gestiona adecuadamente los cierres inesperados provenientes de un espacio de nombre PID, lo que permite que los usuarios locales creen ciertos archivos como root. Un atacante podr\u00eda aprovechar estos archivos para realizar una denegaci\u00f3n de servicio (DoS) mediante el agotamiento de recursos o, posiblemente, obtener privilegios root o escapar de contenedores."
}
],
"id": "CVE-2017-14179",
"lastModified": "2024-11-21T03:12:18.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-02T14:29:00.403",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1726372"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1726372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-31 22:29
Modified
2024-11-21 04:10
Severity ?
Summary
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://usn.ubuntu.com/3664-2/ | Vendor Advisory | |
| security@ubuntu.com | https://usn.ubuntu.com/usn/usn-3664-1 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3664-2/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/usn/usn-3664-1 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apport_project | apport | 2.14.1 | |
| canonical | ubuntu_linux | 14.04 | |
| apport_project | apport | 2.20.9 | |
| canonical | ubuntu_linux | 18.04 | |
| apport_project | apport | 2.20.7 | |
| canonical | ubuntu_linux | 17.10 | |
| apport_project | apport | 2.20.1 | |
| canonical | ubuntu_linux | 16.04 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:2.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CBC4B18-529F-4AAE-BCFE-6F8ACA5346B5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:2.20.9:*:*:*:*:*:*:*",
"matchCriteriaId": "01B2C2C2-E12D-4DD2-9162-2ABBE91454BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:2.20.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9D13BC-5B99-4B99-9C43-5FA848F9AAAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apport_project:apport:2.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D55EA2A0-01E7-4816-ACBE-497296FAE0D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/\u003cglobal pid\u003e/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/\u003cglobal pid\u003e/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28."
},
{
"lang": "es",
"value": "Apport no gestiona adecuadamente los cierres inesperados provenientes de un espacio de nombre PID, lo que permite que los usuarios locales creen ciertos archivos como root. Un atacante podr\u00eda aprovechar estos archivos para realizar una denegaci\u00f3n de servicio (DoS) mediante el agotamiento de recursos o, posiblemente, obtener privilegios root o escapar de contenedores. La funci\u00f3n is_same_ns() devuelve True cuando /proc// no existe para indicar que el cierre inesperado deber\u00eda ser gestionado en el espacio de nombres global, en lugar de en el interior de un contenedor. Sin embargo, la porci\u00f3n de c\u00f3digo de datos/apport que decide si reenviar o no un cierre inesperado a un contenedor no siempre reemplaza sys.argv[1] con el valor almacenado en la variable host_pid cuando /proc// no existe. Esto resulta en que el contenedor pid se emplea en el espacio de nombres global. Este error afecta a las versiones 2.20.8-0ubuntu4 hasta 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 hasta 2.20.1-0ubuntu2.17 y 2.14.1-0ubuntu3.28."
}
],
"id": "CVE-2018-6552",
"lastModified": "2024-11-21T04:10:53.427",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-31T22:29:00.207",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://usn.ubuntu.com/3664-2/"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3664-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://usn.ubuntu.com/3664-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://usn.ubuntu.com/usn/usn-3664-1"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2022-28658
Vulnerability from cvelistv5
Published
2024-06-04 22:03
Modified
2024-10-27 14:58
Severity ?
EPSS score ?
Summary
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5427-1 | vendor-advisory | |
| https://www.cve.org/CVERecord?id=CVE-2022-28658 | issue-tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | Apport |
Version: 0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28658"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:49:23.848642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T14:58:19.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T22:03:53.633Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28658"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28658",
"datePublished": "2024-06-04T22:03:53.633Z",
"dateReserved": "2022-04-05T02:16:30.820Z",
"dateUpdated": "2024-10-27T14:58:19.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14179
Vulnerability from cvelistv5
Published
2018-02-02 14:00
Modified
2024-09-16 20:42
Severity ?
EPSS score ?
Summary
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179 | x_refsource_CONFIRM | |
| https://launchpad.net/bugs/1726372 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:40.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1726372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service via resource exhaustion, privilege escalation, and escape from containers",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T13:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1726372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2017-11-15T19:00:00.000Z",
"ID": "CVE-2017-14179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
"Sander Bos"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service via resource exhaustion, privilege escalation, and escape from containers"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179"
},
{
"name": "https://launchpad.net/bugs/1726372",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1726372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2017-14179",
"datePublished": "2018-02-02T14:00:00Z",
"dateReserved": "2017-09-07T00:00:00",
"dateUpdated": "2024-09-16T20:42:06.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-7307
Vulnerability from cvelistv5
Published
2019-08-29 14:40
Modified
2024-09-16 23:56
Severity ?
EPSS score ?
Summary
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Ubuntu",
"versions": [
{
"status": "affected",
"version": "before 2.14.1-0ubuntu3.29+esm1"
},
{
"status": "affected",
"version": "before 2.20.1-0ubuntu2.19"
},
{
"status": "affected",
"version": "before 2.20.9-0ubuntu7.7"
},
{
"status": "affected",
"version": "before 2.20.10-0ubuntu27.1"
},
{
"status": "affected",
"version": "before 2.20.11-0ubuntu5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse of Semmle Security Research Team"
}
],
"datePublic": "2019-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html"
},
{
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858"
},
{
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"source": {
"advisory": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html",
"defect": [
"https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858"
],
"discovery": "EXTERNAL"
},
"title": "Apport contains a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml",
"x_generator": {
"engine": "Vulnogram 0.0.7"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-7307",
"datePublished": "2019-08-29T14:40:18.750978Z",
"dateReserved": "2019-02-01T00:00:00",
"dateUpdated": "2024-09-16T23:56:02.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-10708
Vulnerability from cvelistv5
Published
2017-07-18 20:00
Modified
2024-08-05 17:41
Severity ?
EPSS score ?
Summary
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://launchpad.net/ubuntu/+source/apport/+changelog | x_refsource_CONFIRM | |
| https://launchpad.net/bugs/1700573 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:41:55.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ubuntu/+source/apport/+changelog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1700573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ubuntu/+source/apport/+changelog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1700573"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/ubuntu/+source/apport/+changelog",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/apport/+changelog"
},
{
"name": "https://launchpad.net/bugs/1700573",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1700573"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10708",
"datePublished": "2017-07-18T20:00:00",
"dateReserved": "2017-06-30T00:00:00",
"dateUpdated": "2024-08-05T17:41:55.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28655
Vulnerability from cvelistv5
Published
2024-06-04 21:56
Modified
2024-10-27 17:49
Severity ?
EPSS score ?
Summary
is_closing_session() allows users to create arbitrary tcp dbus connections
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5427-1 | vendor-advisory | |
| https://www.cve.org/CVERecord?id=CVE-2022-28655 | issue-tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | Apport |
Version: 0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:08:24.480412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T17:49:04.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to create arbitrary tcp dbus connections"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:56:50.616Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28655",
"datePublished": "2024-06-04T21:56:50.616Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2024-10-27T17:49:04.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-15790
Vulnerability from cvelistv5
Published
2020-04-27 23:25
Modified
2024-09-16 20:43
Severity ?
EPSS score ?
Summary
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/apport/+bug/1854237"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm3",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.22",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.12",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu16",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu8.6",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse"
}
],
"datePublic": "2019-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
},
{
"url": "https://usn.ubuntu.com/4171-1/"
},
{
"url": "https://usn.ubuntu.com/4171-2/"
},
{
"url": "https://usn.ubuntu.com/4171-3/"
},
{
"url": "https://usn.ubuntu.com/4171-4/"
},
{
"url": "https://usn.ubuntu.com/4171-5/"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
},
{
"url": "https://bugs.launchpad.net/apport/+bug/1854237"
},
{
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/4171-1/",
"defect": [
"https://launchpad.net/bugs/1839795"
],
"discovery": "EXTERNAL"
},
"title": "Apport reads PID files with elevated privileges",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-15790",
"datePublished": "2020-04-27T23:25:19.961303Z",
"dateReserved": "2019-08-29T00:00:00",
"dateUpdated": "2024-09-16T20:43:33.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14177
Vulnerability from cvelistv5
Published
2018-02-02 14:00
Modified
2024-09-17 00:15
Severity ?
EPSS score ?
Summary
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
References
| ▼ | URL | Tags |
|---|---|---|
| https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177 | x_refsource_CONFIRM | |
| https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/usn/usn-3480-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://launchpad.net/bugs/1726372 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:40.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1726372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "through 2.20.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service via resource exhaustion and privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T13:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1726372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2017-11-15T19:00:00.000Z",
"ID": "CVE-2017-14177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"version_value": "through 2.20.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
"Sander Bos"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service via resource exhaustion and privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"
},
{
"name": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171",
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"name": "https://launchpad.net/bugs/1726372",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1726372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2017-14177",
"datePublished": "2018-02-02T14:00:00Z",
"dateReserved": "2017-09-07T00:00:00",
"dateUpdated": "2024-09-17T00:15:35.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6552
Vulnerability from cvelistv5
Published
2018-05-31 22:00
Modified
2024-09-17 03:07
Severity ?
EPSS score ?
Summary
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/usn/usn-3664-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://usn.ubuntu.com/3664-2/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
| Vendor | Product | Version | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | Apport |
Version: 2.20.8-0ubuntu4 < unspecified Version: unspecified < 2.20.9-0ubuntu7.1 |
||||||||||||
|
|||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3664-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3664-1"
},
{
"name": "USN-3664-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3664-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Ubuntu 18.04"
],
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.20.8-0ubuntu4",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Ubuntu 16.04"
],
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.20.1-0ubuntu2.15",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Ubuntu 17.10"
],
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.20.7-0ubuntu3.7",
"versionType": "custom"
},
{
"lessThan": "2.20.7-0ubuntu3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Ubuntu 14.04"
],
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.14.1-0ubuntu3.28"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/\u003cglobal pid\u003e/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/\u003cglobal pid\u003e/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service via resource exhaustion, privilege escalation, and escape from containers",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-08T18:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-3664-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3664-1"
},
{
"name": "USN-3664-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3664-2/"
}
],
"source": {
"advisory": "USN-3664-1",
"defect": [
"1746668"
],
"discovery": "EXTERNAL"
},
"title": "Apport treats the container PID as the global PID when /proc/\u003cglobal_pid\u003e/ is missing",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2018-05-30T18:00:00.000Z",
"ID": "CVE-2018-6552",
"STATE": "PUBLIC",
"TITLE": "Apport treats the container PID as the global PID when /proc/\u003cglobal_pid\u003e/ is missing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "Ubuntu 18.04",
"version_affected": "\u003e=",
"version_value": "2.20.8-0ubuntu4"
},
{
"affected": "\u003c",
"platform": "Ubuntu 18.04",
"version_affected": "\u003c",
"version_value": "2.20.9-0ubuntu7.1"
},
{
"affected": "\u003e=",
"platform": "Ubuntu 16.04",
"version_affected": "\u003e=",
"version_value": "2.20.1-0ubuntu2.15"
},
{
"affected": "\u003c",
"platform": "Ubuntu 16.04",
"version_affected": "\u003c",
"version_value": "2.20.1-0ubuntu2.18"
},
{
"affected": "\u003e=",
"platform": "Ubuntu 17.10",
"version_affected": "\u003e=",
"version_value": "2.20.7-0ubuntu3.7"
},
{
"affected": "\u003c",
"platform": "Ubuntu 17.10",
"version_affected": "\u003c",
"version_value": "2.20.7-0ubuntu3.9"
},
{
"affected": "=",
"platform": "Ubuntu 14.04",
"version_affected": "=",
"version_value": "2.14.1-0ubuntu3.28"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/\u003cglobal pid\u003e/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/\u003cglobal pid\u003e/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service via resource exhaustion, privilege escalation, and escape from containers"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3664-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3664-1"
},
{
"name": "USN-3664-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3664-2/"
}
]
},
"source": {
"advisory": "USN-3664-1",
"defect": [
"1746668"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2018-6552",
"datePublished": "2018-05-31T22:00:00Z",
"dateReserved": "2018-02-02T00:00:00",
"dateUpdated": "2024-09-17T03:07:21.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28656
Vulnerability from cvelistv5
Published
2024-06-04 21:58
Modified
2024-08-05 15:37
Severity ?
EPSS score ?
Summary
is_closing_session() allows users to consume RAM in the Apport process
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5427-1 | vendor-advisory | |
| https://www.cve.org/CVERecord?id=CVE-2022-28656 | issue-tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | Apport |
Version: 0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28656"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T15:36:41.217327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T15:37:09.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to consume RAM in the Apport process"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:58:44.839Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28656"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28656",
"datePublished": "2024-06-04T21:58:44.839Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2024-08-05T15:37:09.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28652
Vulnerability from cvelistv5
Published
2024-06-04 21:38
Modified
2024-08-05 17:47
Severity ?
EPSS score ?
Summary
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5427-1 | vendor-advisory | |
| https://www.cve.org/CVERecord?id=CVE-2022-28652 | issue-tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | Apport |
Version: 0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28652"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-28652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T17:47:40.492996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T17:47:51.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "~/.config/apport/settings parsing is vulnerable to \"billion laughs\" attack"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:38:44.324Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28652"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28652",
"datePublished": "2024-06-04T21:38:44.324Z",
"dateReserved": "2022-04-05T02:16:30.818Z",
"dateUpdated": "2024-08-05T17:47:51.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11483
Vulnerability from cvelistv5
Published
2020-02-08 04:50
Modified
2024-09-16 18:17
Severity ?
EPSS score ?
Summary
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/usn/usn-4171-1 | x_refsource_MISC | |
| https://usn.ubuntu.com/usn/usn-4171-2 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm2",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.20",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.8",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu8.1",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2019-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Read user data with administrator privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T04:50:22",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839413"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-10-29T00:00:00.000Z",
"ID": "CVE-2019-11483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Read user data with administrator privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/usn/usn-4171-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4171-2",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839413"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11483",
"datePublished": "2020-02-08T04:50:22.806201Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-16T18:17:50.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1338
Vulnerability from cvelistv5
Published
2015-10-01 20:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ubuntu.com/usn/USN-2744-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://launchpad.net/apport/trunk/2.19 | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/38353/ | exploit, x_refsource_EXPLOIT-DB | |
| https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570 | x_refsource_CONFIRM | |
| http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/ | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2015/Sep/101 | mailing-list, x_refsource_FULLDISC | |
| http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2744-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2744-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/apport/trunk/2.19"
},
{
"name": "38353",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38353/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/"
},
{
"name": "20150927 Apport kernel_crashdump symlink vulnerability exploitation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-01T19:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-2744-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2744-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/apport/trunk/2.19"
},
{
"name": "38353",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38353/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/"
},
{
"name": "20150927 Apport kernel_crashdump symlink vulnerability exploitation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2744-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2744-1"
},
{
"name": "https://launchpad.net/apport/trunk/2.19",
"refsource": "CONFIRM",
"url": "https://launchpad.net/apport/trunk/2.19"
},
{
"name": "38353",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38353/"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570"
},
{
"name": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/",
"refsource": "MISC",
"url": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/"
},
{
"name": "20150927 Apport kernel_crashdump symlink vulnerability exploitation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/101"
},
{
"name": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2015-1338",
"datePublished": "2015-10-01T20:00:00",
"dateReserved": "2015-01-22T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9949
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/DonnchaC/ubuntu-apport-exploitation | x_refsource_MISC | |
| https://donncha.is/2016/12/compromising-ubuntu-desktop/ | x_refsource_MISC | |
| https://bugs.launchpad.net/apport/+bug/1648806 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/95011 | vdb-entry, x_refsource_BID | |
| http://www.ubuntu.com/usn/USN-3157-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://www.exploit-db.com/exploits/40937/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a \"{\". This allows remote attackers to execute arbitrary Python code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a \"{\". This allows remote attackers to execute arbitrary Python code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DonnchaC/ubuntu-apport-exploitation",
"refsource": "MISC",
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/",
"refsource": "MISC",
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"name": "https://bugs.launchpad.net/apport/+bug/1648806",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40937/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9949",
"datePublished": "2016-12-17T03:34:00",
"dateReserved": "2016-12-14T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9950
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/DonnchaC/ubuntu-apport-exploitation | x_refsource_MISC | |
| https://donncha.is/2016/12/compromising-ubuntu-desktop/ | x_refsource_MISC | |
| https://bugs.launchpad.net/apport/+bug/1648806 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/95011 | vdb-entry, x_refsource_BID | |
| http://www.ubuntu.com/usn/USN-3157-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://www.exploit-db.com/exploits/40937/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DonnchaC/ubuntu-apport-exploitation",
"refsource": "MISC",
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/",
"refsource": "MISC",
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"name": "https://bugs.launchpad.net/apport/+bug/1648806",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40937/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9950",
"datePublished": "2016-12-17T03:34:00",
"dateReserved": "2016-12-14T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11482
Vulnerability from cvelistv5
Published
2020-02-08 04:50
Modified
2024-09-17 00:00
Severity ?
EPSS score ?
Summary
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/usn/usn-4171-1 | x_refsource_MISC | |
| https://usn.ubuntu.com/usn/usn-4171-2 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm2",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.20",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.8",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu8.1",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2019-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Read user data with administrator privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T04:50:22",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839413"
],
"discovery": "EXTERNAL"
},
"title": "Race condition between reading current working directory and writing a core dump",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-10-29T00:00:00.000Z",
"ID": "CVE-2019-11482",
"STATE": "PUBLIC",
"TITLE": "Race condition between reading current working directory and writing a core dump"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Read user data with administrator privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/usn/usn-4171-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4171-2",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839413"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11482",
"datePublished": "2020-02-08T04:50:22.302773Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-17T00:00:44.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-14180
Vulnerability from cvelistv5
Published
2018-02-02 14:00
Modified
2024-09-16 20:41
Severity ?
EPSS score ?
Summary
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/usn/usn-3480-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://launchpad.net/bugs/1726372 | x_refsource_CONFIRM | |
| https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:41.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1726372"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "na/",
"versions": [
{
"status": "affected",
"version": "2.13 through 2.20.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service via resource exhaustion and privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T13:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1726372"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2017-11-15T19:00:00.000Z",
"ID": "CVE-2017-14180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"version_value": "2.13 through 2.20.7"
}
]
}
}
]
},
"vendor_name": "na/"
}
]
}
},
"credit": [
"Sander Bos"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service via resource exhaustion and privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171",
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"name": "https://launchpad.net/bugs/1726372",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1726372"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2017-14180",
"datePublished": "2018-02-02T14:00:00Z",
"dateReserved": "2017-09-07T00:00:00",
"dateUpdated": "2024-09-16T20:41:50.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-9951
Vulnerability from cvelistv5
Published
2016-12-17 03:34
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/DonnchaC/ubuntu-apport-exploitation | x_refsource_MISC | |
| https://donncha.is/2016/12/compromising-ubuntu-desktop/ | x_refsource_MISC | |
| https://bugs.launchpad.net/apport/+bug/1648806 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/95011 | vdb-entry, x_refsource_BID | |
| http://www.ubuntu.com/usn/USN-3157-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://www.exploit-db.com/exploits/40937/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DonnchaC/ubuntu-apport-exploitation",
"refsource": "MISC",
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/",
"refsource": "MISC",
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"name": "https://bugs.launchpad.net/apport/+bug/1648806",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40937/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9951",
"datePublished": "2016-12-17T03:34:00",
"dateReserved": "2016-12-14T00:00:00",
"dateUpdated": "2024-08-06T03:07:32.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8833
Vulnerability from cvelistv5
Published
2020-04-22 21:15
Modified
2024-09-16 20:53
Severity ?
EPSS score ?
Summary
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/4315-1/ | x_refsource_CONFIRM | |
| https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4315-2/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
},
{
"name": "USN-4315-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4315-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.23",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.14",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu22",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu8.8",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maximilien Bourgeteau"
}
],
"datePublic": "2020-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-24T20:06:03",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
},
{
"name": "USN-4315-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4315-2/"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/4315-1/",
"defect": [
"https://launchpad.net/bugs/1862933"
],
"discovery": "EXTERNAL"
},
"title": "Apport race condition in crash report permissions",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-04-02T00:43:00.000Z",
"ID": "CVE-2020-8833",
"STATE": "PUBLIC",
"TITLE": "Apport race condition in crash report permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.23"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.14"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.8"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu22"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Maximilien Bourgeteau"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/4315-1/",
"refsource": "CONFIRM",
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
},
{
"name": "USN-4315-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4315-2/"
}
]
},
"solution": [],
"source": {
"advisory": "https://usn.ubuntu.com/4315-1/",
"defect": [
"https://launchpad.net/bugs/1862933"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-8833",
"datePublished": "2020-04-22T21:15:18.859159Z",
"dateReserved": "2020-02-10T00:00:00",
"dateUpdated": "2024-09-16T20:53:27.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-1318
Vulnerability from cvelistv5
Published
2015-04-17 17:00
Modified
2024-08-06 04:40
Severity ?
EPSS score ?
Summary
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
References
| ▼ | URL | Tags |
|---|---|---|
| https://launchpad.net/apport/trunk/2.17.1 | x_refsource_CONFIRM | |
| https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758 | x_refsource_CONFIRM | |
| http://www.osvdb.org/120803 | vdb-entry, x_refsource_OSVDB | |
| https://www.exploit-db.com/exploits/36782/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.ubuntu.com/usn/USN-2569-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://www.exploit-db.com/exploits/43971/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/apport/trunk/2.17.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758"
},
{
"name": "120803",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/120803"
},
{
"name": "36782",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/36782/"
},
{
"name": "USN-2569-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2569-1"
},
{
"name": "43971",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43971/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-07T10:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/apport/trunk/2.17.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758"
},
{
"name": "120803",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/120803"
},
{
"name": "36782",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/36782/"
},
{
"name": "USN-2569-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2569-1"
},
{
"name": "43971",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43971/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/apport/trunk/2.17.1",
"refsource": "CONFIRM",
"url": "https://launchpad.net/apport/trunk/2.17.1"
},
{
"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758"
},
{
"name": "120803",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/120803"
},
{
"name": "36782",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36782/"
},
{
"name": "USN-2569-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2569-1"
},
{
"name": "43971",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43971/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2015-1318",
"datePublished": "2015-04-17T17:00:00",
"dateReserved": "2015-01-22T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28657
Vulnerability from cvelistv5
Published
2024-06-04 22:02
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
Apport does not disable python crash handler before entering chroot
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5427-1 | vendor-advisory | |
| https://www.cve.org/CVERecord?id=CVE-2022-28657 | issue-tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | Apport |
Version: 0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apport",
"vendor": "canonical",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T16:10:45.492438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T16:14:22.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport does not disable python crash handler before entering chroot"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T22:02:26.017Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28657"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28657",
"datePublished": "2024-06-04T22:02:26.017Z",
"dateReserved": "2022-04-05T02:16:30.820Z",
"dateUpdated": "2024-08-03T05:56:16.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11481
Vulnerability from cvelistv5
Published
2020-02-08 04:50
Modified
2024-09-16 23:25
Severity ?
EPSS score ?
Summary
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm2",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.20",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.8",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu8.1",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse"
}
],
"datePublic": "2019-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Read user data with administrator privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
},
{
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1830862"
],
"discovery": "EXTERNAL"
},
"title": "Apport reads arbitrary files if ~/.config/apport/settings is a symlink",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11481",
"datePublished": "2020-02-08T04:50:21.892355Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-16T23:25:27.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8831
Vulnerability from cvelistv5
Published
2020-04-22 21:15
Modified
2024-09-16 19:00
Severity ?
EPSS score ?
Summary
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
References
| ▼ | URL | Tags |
|---|---|---|
| https://launchpad.net/bugs/1862348 | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4315-1/ | x_refsource_CONFIRM | |
| https://usn.ubuntu.com/4315-2/ | vendor-advisory, x_refsource_UBUNTU |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1862348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"name": "USN-4315-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4315-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.23",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.14",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu22",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu8.8",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maximilien Bourgeteau"
}
],
"datePublic": "2020-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport\u0027s lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-24T20:06:02",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1862348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"name": "USN-4315-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4315-2/"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/4315-1/",
"defect": [
"https://launchpad.net/bugs/1862348"
],
"discovery": "EXTERNAL"
},
"title": "World writable root owned lock file created in user controllable location",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-04-02T03:04:00.000Z",
"ID": "CVE-2020-8831",
"STATE": "PUBLIC",
"TITLE": "World writable root owned lock file created in user controllable location"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.23"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.14"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.8"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu22"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Maximilien Bourgeteau"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport\u0027s lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1862348",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1862348"
},
{
"name": "https://usn.ubuntu.com/4315-1/",
"refsource": "CONFIRM",
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"name": "USN-4315-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4315-2/"
}
]
},
"solution": [],
"source": {
"advisory": "https://usn.ubuntu.com/4315-1/",
"defect": [
"https://launchpad.net/bugs/1862348"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-8831",
"datePublished": "2020-04-22T21:15:18.418314Z",
"dateReserved": "2020-02-10T00:00:00",
"dateUpdated": "2024-09-16T19:00:55.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-28654
Vulnerability from cvelistv5
Published
2024-06-04 21:54
Modified
2024-10-27 17:48
Severity ?
EPSS score ?
Summary
is_closing_session() allows users to fill up apport.log
References
| ▼ | URL | Tags |
|---|---|---|
| https://ubuntu.com/security/notices/USN-5427-1 | vendor-advisory | |
| https://www.cve.org/CVERecord?id=CVE-2022-28654 | issue-tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Canonical Ltd. | Apport |
Version: 0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28654"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T20:34:31.535447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T17:48:06.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to fill up apport.log"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:54:37.199Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28654"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28654",
"datePublished": "2024-06-04T21:54:37.199Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2024-10-27T17:48:06.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11485
Vulnerability from cvelistv5
Published
2020-02-08 04:50
Modified
2024-09-16 16:57
Severity ?
EPSS score ?
Summary
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/usn/usn-4171-1 | x_refsource_MISC | |
| https://usn.ubuntu.com/usn/usn-4171-2 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm2",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.20",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.8",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu8.1",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2019-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sander Bos discovered Apport\u0027s lock file was in a world-writable directory which allowed all users to prevent crash handling."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-412",
"description": "CWE-412 Unrestricted Externally Accessible Lock",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-30T17:32:33",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839415"
],
"discovery": "EXTERNAL"
},
"title": "apport created lock file in wrong directory",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-10-29T00:00:00.000Z",
"ID": "CVE-2019-11485",
"STATE": "PUBLIC",
"TITLE": "apport created lock file in wrong directory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sander Bos discovered Apport\u0027s lock file was in a world-writable directory which allowed all users to prevent crash handling."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-412 Unrestricted Externally Accessible Lock"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/usn/usn-4171-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4171-2",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839415"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11485",
"datePublished": "2020-02-08T04:50:23.604794Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-16T16:57:41.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}