Search criteria
24 vulnerabilities by apport_project
CVE-2022-28658 (GCVE-0-2022-28658)
Vulnerability from cvelistv5 – Published: 2024-06-04 22:03 – Updated: 2024-10-27 14:58
VLAI?
Summary
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
Severity ?
5.5 (Medium)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28658"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:49:23.848642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T14:58:19.533Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T22:03:53.633Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28658"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28658",
"datePublished": "2024-06-04T22:03:53.633Z",
"dateReserved": "2022-04-05T02:16:30.820Z",
"dateUpdated": "2024-10-27T14:58:19.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28657 (GCVE-0-2022-28657)
Vulnerability from cvelistv5 – Published: 2024-06-04 22:02 – Updated: 2024-08-03 05:56
VLAI?
Summary
Apport does not disable python crash handler before entering chroot
Severity ?
7.8 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apport",
"vendor": "canonical",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T16:10:45.492438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T16:14:22.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28657"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apport does not disable python crash handler before entering chroot"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T22:02:26.017Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28657"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28657",
"datePublished": "2024-06-04T22:02:26.017Z",
"dateReserved": "2022-04-05T02:16:30.820Z",
"dateUpdated": "2024-08-03T05:56:16.428Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28656 (GCVE-0-2022-28656)
Vulnerability from cvelistv5 – Published: 2024-06-04 21:58 – Updated: 2025-03-19 17:42
VLAI?
Summary
is_closing_session() allows users to consume RAM in the Apport process
Severity ?
5.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28656"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28656",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T15:36:41.217327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:42:19.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to consume RAM in the Apport process"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:58:44.839Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28656"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28656",
"datePublished": "2024-06-04T21:58:44.839Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2025-03-19T17:42:19.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28655 (GCVE-0-2022-28655)
Vulnerability from cvelistv5 – Published: 2024-06-04 21:56 – Updated: 2024-10-27 17:49
VLAI?
Summary
is_closing_session() allows users to create arbitrary tcp dbus connections
Severity ?
7.1 (High)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28655",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:08:24.480412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T17:49:04.264Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to create arbitrary tcp dbus connections"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:56:50.616Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28655"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28655",
"datePublished": "2024-06-04T21:56:50.616Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2024-10-27T17:49:04.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28654 (GCVE-0-2022-28654)
Vulnerability from cvelistv5 – Published: 2024-06-04 21:54 – Updated: 2024-10-27 17:48
VLAI?
Summary
is_closing_session() allows users to fill up apport.log
Severity ?
5.5 (Medium)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28654"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T20:34:31.535447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T17:48:06.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "is_closing_session() allows users to fill up apport.log"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:54:37.199Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28654"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28654",
"datePublished": "2024-06-04T21:54:37.199Z",
"dateReserved": "2022-04-05T02:16:30.819Z",
"dateUpdated": "2024-10-27T17:48:06.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-28652 (GCVE-0-2022-28652)
Vulnerability from cvelistv5 – Published: 2024-06-04 21:38 – Updated: 2025-03-13 18:21
VLAI?
Summary
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
Severity ?
5.5 (Medium)
CWE
- CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Apport |
Affected:
0 , < 2.21.0
(semver)
|
Credits
Gerrit Venema
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:56:16.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28652"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-28652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T17:47:40.492996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "CWE-776 Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T18:21:18.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "apport",
"platforms": [
"Linux"
],
"product": "Apport",
"repo": "https://github.com/canonical/apport",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2.21.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gerrit Venema"
}
],
"descriptions": [
{
"lang": "en",
"value": "~/.config/apport/settings parsing is vulnerable to \"billion laughs\" attack"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T21:38:44.324Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://ubuntu.com/security/notices/USN-5427-1"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28652"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2022-28652",
"datePublished": "2024-06-04T21:38:44.324Z",
"dateReserved": "2022-04-05T02:16:30.818Z",
"dateUpdated": "2025-03-13T18:21:18.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15790 (GCVE-0-2019-15790)
Vulnerability from cvelistv5 – Published: 2020-04-27 23:25 – Updated: 2025-11-03 19:25
VLAI?
Summary
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.
Severity ?
CWE
- CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
Credits
Kevin Backhouse
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:25:26.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-2/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-3/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/4171-5/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/apport/+bug/1854237"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jun/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm3",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.22",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.12",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu16",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu8.6",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse"
}
],
"datePublic": "2019-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
},
{
"url": "https://usn.ubuntu.com/4171-1/"
},
{
"url": "https://usn.ubuntu.com/4171-2/"
},
{
"url": "https://usn.ubuntu.com/4171-3/"
},
{
"url": "https://usn.ubuntu.com/4171-4/"
},
{
"url": "https://usn.ubuntu.com/4171-5/"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
},
{
"url": "https://bugs.launchpad.net/apport/+bug/1854237"
},
{
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/4171-1/",
"defect": [
"https://launchpad.net/bugs/1839795"
],
"discovery": "EXTERNAL"
},
"title": "Apport reads PID files with elevated privileges",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-15790",
"datePublished": "2020-04-27T23:25:19.961Z",
"dateReserved": "2019-08-29T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:25:26.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-8833 (GCVE-0-2020-8833)
Vulnerability from cvelistv5 – Published: 2020-04-22 21:15 – Updated: 2024-09-16 20:53
VLAI?
Summary
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
Severity ?
5.6 (Medium)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Maximilien Bourgeteau
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
},
{
"name": "USN-4315-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4315-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.23",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.14",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu22",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu8.8",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maximilien Bourgeteau"
}
],
"datePublic": "2020-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-24T20:06:03",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
},
{
"name": "USN-4315-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4315-2/"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/4315-1/",
"defect": [
"https://launchpad.net/bugs/1862933"
],
"discovery": "EXTERNAL"
},
"title": "Apport race condition in crash report permissions",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-04-02T00:43:00.000Z",
"ID": "CVE-2020-8833",
"STATE": "PUBLIC",
"TITLE": "Apport race condition in crash report permissions"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.23"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.14"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.8"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu22"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Maximilien Bourgeteau"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/4315-1/",
"refsource": "CONFIRM",
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1862933"
},
{
"name": "USN-4315-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4315-2/"
}
]
},
"solution": [],
"source": {
"advisory": "https://usn.ubuntu.com/4315-1/",
"defect": [
"https://launchpad.net/bugs/1862933"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-8833",
"datePublished": "2020-04-22T21:15:18.859159Z",
"dateReserved": "2020-02-10T00:00:00",
"dateUpdated": "2024-09-16T20:53:27.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8831 (GCVE-0-2020-8831)
Vulnerability from cvelistv5 – Published: 2020-04-22 21:15 – Updated: 2024-09-16 19:00
VLAI?
Summary
Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport's lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
Severity ?
6.5 (Medium)
CWE
- CWE-379 - Creation of Temporary File in Directory with Incorrect Permissions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
Credits
Maximilien Bourgeteau
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:12:10.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1862348"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"name": "USN-4315-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4315-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.23",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.14",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"changes": [
{
"at": "2.20.11-0ubuntu22",
"status": "unaffected"
}
],
"lessThan": "2.20.11-0ubuntu8.8",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Maximilien Bourgeteau"
}
],
"datePublic": "2020-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport\u0027s lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-24T20:06:02",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1862348"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"name": "USN-4315-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4315-2/"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/4315-1/",
"defect": [
"https://launchpad.net/bugs/1862348"
],
"discovery": "EXTERNAL"
},
"title": "World writable root owned lock file created in user controllable location",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2020-04-02T03:04:00.000Z",
"ID": "CVE-2020-8831",
"STATE": "PUBLIC",
"TITLE": "World writable root owned lock file created in user controllable location"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.23"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.14"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.8"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu22"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Maximilien Bourgeteau"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker were to create a symlink at /var/lock/apport, changing apport\u0027s lock file location. This file could then be used to escalate privileges, for example. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-379 Creation of Temporary File in Directory with Incorrect Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1862348",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1862348"
},
{
"name": "https://usn.ubuntu.com/4315-1/",
"refsource": "CONFIRM",
"url": "https://usn.ubuntu.com/4315-1/"
},
{
"name": "USN-4315-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4315-2/"
}
]
},
"solution": [],
"source": {
"advisory": "https://usn.ubuntu.com/4315-1/",
"defect": [
"https://launchpad.net/bugs/1862348"
],
"discovery": "EXTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2020-8831",
"datePublished": "2020-04-22T21:15:18.418314Z",
"dateReserved": "2020-02-10T00:00:00",
"dateUpdated": "2024-09-16T19:00:55.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11485 (GCVE-0-2019-11485)
Vulnerability from cvelistv5 – Published: 2020-02-08 04:50 – Updated: 2024-09-16 16:57
VLAI?
Summary
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
Severity ?
CWE
- CWE-412 - Unrestricted Externally Accessible Lock
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Sander Bos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm2",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.20",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.8",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu8.1",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2019-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sander Bos discovered Apport\u0027s lock file was in a world-writable directory which allowed all users to prevent crash handling."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-412",
"description": "CWE-412 Unrestricted Externally Accessible Lock",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-30T17:32:33",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839415"
],
"discovery": "EXTERNAL"
},
"title": "apport created lock file in wrong directory",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-10-29T00:00:00.000Z",
"ID": "CVE-2019-11485",
"STATE": "PUBLIC",
"TITLE": "apport created lock file in wrong directory"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sander Bos discovered Apport\u0027s lock file was in a world-writable directory which allowed all users to prevent crash handling."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-412 Unrestricted Externally Accessible Lock"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/usn/usn-4171-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4171-2",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839415"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11485",
"datePublished": "2020-02-08T04:50:23.604794Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-16T16:57:41.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11482 (GCVE-0-2019-11482)
Vulnerability from cvelistv5 – Published: 2020-02-08 04:50 – Updated: 2024-09-17 00:00
VLAI?
Summary
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
Severity ?
4.2 (Medium)
CWE
- Read user data with administrator privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Sander Bos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm2",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.20",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.8",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu8.1",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2019-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Read user data with administrator privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T04:50:22",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839413"
],
"discovery": "EXTERNAL"
},
"title": "Race condition between reading current working directory and writing a core dump",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-10-29T00:00:00.000Z",
"ID": "CVE-2019-11482",
"STATE": "PUBLIC",
"TITLE": "Race condition between reading current working directory and writing a core dump"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Read user data with administrator privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/usn/usn-4171-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4171-2",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839413"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11482",
"datePublished": "2020-02-08T04:50:22.302773Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-17T00:00:44.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11483 (GCVE-0-2019-11483)
Vulnerability from cvelistv5 – Published: 2020-02-08 04:50 – Updated: 2025-11-03 19:25
VLAI?
Summary
Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.
Severity ?
CWE
- Read user data with administrator privileges
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Sander Bos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:25:22.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jun/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm2",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.20",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.8",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu8.1",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2019-10-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Read user data with administrator privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T04:50:22.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839413"
],
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2019-10-29T00:00:00.000Z",
"ID": "CVE-2019-11483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.14.1",
"version_value": "2.14.1-0ubuntu3.29+esm2"
},
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.20"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.8"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11",
"version_value": "2.20.11-0ubuntu8.1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Read user data with administrator privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://usn.ubuntu.com/usn/usn-4171-1",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"name": "https://usn.ubuntu.com/usn/usn-4171-2",
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
}
]
},
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/apport/+bug/1839413"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11483",
"datePublished": "2020-02-08T04:50:22.806Z",
"dateReserved": "2019-04-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:25:22.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-11481 (GCVE-0-2019-11481)
Vulnerability from cvelistv5 – Published: 2020-02-08 04:50 – Updated: 2024-09-16 23:25
VLAI?
Summary
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
Severity ?
CWE
- Read user data with administrator privileges
Assigner
References
Impacted products
Credits
Kevin Backhouse
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:55:40.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"tags": [
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.14.1-0ubuntu3.29+esm2",
"status": "affected",
"version": "2.14.1",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.20",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.8",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu8.1",
"status": "affected",
"version": "2.20.11",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse"
}
],
"datePublic": "2019-10-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Read user data with administrator privileges",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://usn.ubuntu.com/usn/usn-4171-1"
},
{
"url": "https://usn.ubuntu.com/usn/usn-4171-2"
},
{
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"source": {
"advisory": "https://usn.ubuntu.com/usn/usn-4171-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1830862"
],
"discovery": "EXTERNAL"
},
"title": "Apport reads arbitrary files if ~/.config/apport/settings is a symlink",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-11481",
"datePublished": "2020-02-08T04:50:21.892355Z",
"dateReserved": "2019-04-23T00:00:00",
"dateUpdated": "2024-09-16T23:25:27.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7307 (GCVE-0-2019-7307)
Vulnerability from cvelistv5 – Published: 2019-08-29 14:40 – Updated: 2024-09-16 23:56
VLAI?
Summary
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
Severity ?
6.5 (Medium)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
Impacted products
Credits
Kevin Backhouse of Semmle Security Research Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:46.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Ubuntu",
"versions": [
{
"status": "affected",
"version": "before 2.14.1-0ubuntu3.29+esm1"
},
{
"status": "affected",
"version": "before 2.20.1-0ubuntu2.19"
},
{
"status": "affected",
"version": "before 2.20.9-0ubuntu7.7"
},
{
"status": "affected",
"version": "before 2.20.10-0ubuntu27.1"
},
{
"status": "affected",
"version": "before 2.20.11-0ubuntu5"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kevin Backhouse of Semmle Security Research Team"
}
],
"datePublic": "2019-07-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html"
},
{
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858"
},
{
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
],
"source": {
"advisory": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html",
"defect": [
"https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858"
],
"discovery": "EXTERNAL"
},
"title": "Apport contains a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml",
"x_generator": {
"engine": "Vulnogram 0.0.7"
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2019-7307",
"datePublished": "2019-08-29T14:40:18.750978Z",
"dateReserved": "2019-02-01T00:00:00",
"dateUpdated": "2024-09-16T23:56:02.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6552 (GCVE-0-2018-6552)
Vulnerability from cvelistv5 – Published: 2018-05-31 22:00 – Updated: 2024-09-17 03:07
VLAI?
Summary
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28.
Severity ?
No CVSS data available.
CWE
- Denial of service via resource exhaustion, privilege escalation, and escape from containers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
Sander Bos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3664-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3664-1"
},
{
"name": "USN-3664-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3664-2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Ubuntu 18.04"
],
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.20.8-0ubuntu4",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Ubuntu 16.04"
],
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.20.1-0ubuntu2.15",
"versionType": "custom"
},
{
"lessThan": "2.20.1-0ubuntu2.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Ubuntu 17.10"
],
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.20.7-0ubuntu3.7",
"versionType": "custom"
},
{
"lessThan": "2.20.7-0ubuntu3.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Ubuntu 14.04"
],
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.14.1-0ubuntu3.28"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2018-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/\u003cglobal pid\u003e/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/\u003cglobal pid\u003e/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service via resource exhaustion, privilege escalation, and escape from containers",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-08T18:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-3664-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3664-1"
},
{
"name": "USN-3664-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3664-2/"
}
],
"source": {
"advisory": "USN-3664-1",
"defect": [
"1746668"
],
"discovery": "EXTERNAL"
},
"title": "Apport treats the container PID as the global PID when /proc/\u003cglobal_pid\u003e/ is missing",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2018-05-30T18:00:00.000Z",
"ID": "CVE-2018-6552",
"STATE": "PUBLIC",
"TITLE": "Apport treats the container PID as the global PID when /proc/\u003cglobal_pid\u003e/ is missing"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"affected": "\u003e=",
"platform": "Ubuntu 18.04",
"version_affected": "\u003e=",
"version_value": "2.20.8-0ubuntu4"
},
{
"affected": "\u003c",
"platform": "Ubuntu 18.04",
"version_affected": "\u003c",
"version_value": "2.20.9-0ubuntu7.1"
},
{
"affected": "\u003e=",
"platform": "Ubuntu 16.04",
"version_affected": "\u003e=",
"version_value": "2.20.1-0ubuntu2.15"
},
{
"affected": "\u003c",
"platform": "Ubuntu 16.04",
"version_affected": "\u003c",
"version_value": "2.20.1-0ubuntu2.18"
},
{
"affected": "\u003e=",
"platform": "Ubuntu 17.10",
"version_affected": "\u003e=",
"version_value": "2.20.7-0ubuntu3.7"
},
{
"affected": "\u003c",
"platform": "Ubuntu 17.10",
"version_affected": "\u003c",
"version_value": "2.20.7-0ubuntu3.9"
},
{
"affected": "=",
"platform": "Ubuntu 14.04",
"version_affected": "=",
"version_value": "2.14.1-0ubuntu3.28"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Sander Bos"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/\u003cglobal pid\u003e/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/\u003cglobal pid\u003e/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service via resource exhaustion, privilege escalation, and escape from containers"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3664-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3664-1"
},
{
"name": "USN-3664-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3664-2/"
}
]
},
"source": {
"advisory": "USN-3664-1",
"defect": [
"1746668"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2018-6552",
"datePublished": "2018-05-31T22:00:00Z",
"dateReserved": "2018-02-02T00:00:00",
"dateUpdated": "2024-09-17T03:07:21.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14180 (GCVE-0-2017-14180)
Vulnerability from cvelistv5 – Published: 2018-02-02 14:00 – Updated: 2025-11-03 19:25
VLAI?
Summary
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
Severity ?
No CVSS data available.
CWE
- Denial of service via resource exhaustion and privilege escalation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
Sander Bos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:25:18.350Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1726372"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jun/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "na/",
"versions": [
{
"status": "affected",
"version": "2.13 through 2.20.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2017-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service via resource exhaustion and privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T13:57:01.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1726372"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2017-11-15T19:00:00.000Z",
"ID": "CVE-2017-14180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"version_value": "2.13 through 2.20.7"
}
]
}
}
]
},
"vendor_name": "na/"
}
]
}
},
"credit": [
"Sander Bos"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service via resource exhaustion and privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171",
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"name": "https://launchpad.net/bugs/1726372",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1726372"
},
{
"name": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2017-14180",
"datePublished": "2018-02-02T14:00:00.000Z",
"dateReserved": "2017-09-07T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:25:18.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-14179 (GCVE-0-2017-14179)
Vulnerability from cvelistv5 – Published: 2018-02-02 14:00 – Updated: 2024-09-16 20:42
VLAI?
Summary
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
Severity ?
No CVSS data available.
CWE
- Denial of service via resource exhaustion, privilege escalation, and escape from containers
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Sander Bos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:40.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1726372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before 2.13"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service via resource exhaustion, privilege escalation, and escape from containers",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T13:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1726372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2017-11-15T19:00:00.000Z",
"ID": "CVE-2017-14179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
"Sander Bos"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service via resource exhaustion, privilege escalation, and escape from containers"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179"
},
{
"name": "https://launchpad.net/bugs/1726372",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1726372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2017-14179",
"datePublished": "2018-02-02T14:00:00Z",
"dateReserved": "2017-09-07T00:00:00",
"dateUpdated": "2024-09-16T20:42:06.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-14177 (GCVE-0-2017-14177)
Vulnerability from cvelistv5 – Published: 2018-02-02 14:00 – Updated: 2024-09-17 00:15
VLAI?
Summary
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
Severity ?
No CVSS data available.
CWE
- Denial of service via resource exhaustion and privilege escalation
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Credits
Sander Bos
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:20:40.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1726372"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apport",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "through 2.20.7"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Sander Bos"
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service via resource exhaustion and privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-02T13:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1726372"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2017-11-15T19:00:00.000Z",
"ID": "CVE-2017-14177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apport",
"version": {
"version_data": [
{
"version_value": "through 2.20.7"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
"Sander Bos"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service via resource exhaustion and privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177",
"refsource": "CONFIRM",
"url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"
},
{
"name": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171",
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"
},
{
"name": "USN-3480-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/usn/usn-3480-1"
},
{
"name": "https://launchpad.net/bugs/1726372",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1726372"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2017-14177",
"datePublished": "2018-02-02T14:00:00Z",
"dateReserved": "2017-09-07T00:00:00",
"dateUpdated": "2024-09-17T00:15:35.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10708 (GCVE-0-2017-10708)
Vulnerability from cvelistv5 – Published: 2017-07-18 20:00 – Updated: 2024-08-05 17:41
VLAI?
Summary
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:41:55.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/ubuntu/+source/apport/+changelog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1700573"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-18T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/ubuntu/+source/apport/+changelog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1700573"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/ubuntu/+source/apport/+changelog",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/apport/+changelog"
},
{
"name": "https://launchpad.net/bugs/1700573",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1700573"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10708",
"datePublished": "2017-07-18T20:00:00",
"dateReserved": "2017-06-30T00:00:00",
"dateUpdated": "2024-08-05T17:41:55.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9949 (GCVE-0-2016-9949)
Vulnerability from cvelistv5 – Published: 2016-12-17 03:34 – Updated: 2024-08-06 03:07
VLAI?
Summary
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a \"{\". This allows remote attackers to execute arbitrary Python code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a \"{\". This allows remote attackers to execute arbitrary Python code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DonnchaC/ubuntu-apport-exploitation",
"refsource": "MISC",
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/",
"refsource": "MISC",
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"name": "https://bugs.launchpad.net/apport/+bug/1648806",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40937/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9949",
"datePublished": "2016-12-17T03:34:00",
"dateReserved": "2016-12-14T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9951 (GCVE-0-2016-9951)
Vulnerability from cvelistv5 – Published: 2016-12-17 03:34 – Updated: 2024-08-06 03:07
VLAI?
Summary
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:32.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DonnchaC/ubuntu-apport-exploitation",
"refsource": "MISC",
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/",
"refsource": "MISC",
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"name": "https://bugs.launchpad.net/apport/+bug/1648806",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40937/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9951",
"datePublished": "2016-12-17T03:34:00",
"dateReserved": "2016-12-14T00:00:00",
"dateUpdated": "2024-08-06T03:07:32.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9950 (GCVE-0-2016-9950)
Vulnerability from cvelistv5 – Published: 2016-12-17 03:34 – Updated: 2024-08-06 03:07
VLAI?
Summary
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40937/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-9950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/DonnchaC/ubuntu-apport-exploitation",
"refsource": "MISC",
"url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"
},
{
"name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/",
"refsource": "MISC",
"url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"
},
{
"name": "https://bugs.launchpad.net/apport/+bug/1648806",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/apport/+bug/1648806"
},
{
"name": "95011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95011"
},
{
"name": "USN-3157-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3157-1"
},
{
"name": "40937",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40937/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-9950",
"datePublished": "2016-12-17T03:34:00",
"dateReserved": "2016-12-14T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1338 (GCVE-0-2015-1338)
Vulnerability from cvelistv5 – Published: 2015-10-01 20:00 – Updated: 2024-08-06 04:40
VLAI?
Summary
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:40:18.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-2744-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2744-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/apport/trunk/2.19"
},
{
"name": "38353",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/38353/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/"
},
{
"name": "20150927 Apport kernel_crashdump symlink vulnerability exploitation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/101"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-10-01T19:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"name": "USN-2744-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2744-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/apport/trunk/2.19"
},
{
"name": "38353",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/38353/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/"
},
{
"name": "20150927 Apport kernel_crashdump symlink vulnerability exploitation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Sep/101"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2744-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2744-1"
},
{
"name": "https://launchpad.net/apport/trunk/2.19",
"refsource": "CONFIRM",
"url": "https://launchpad.net/apport/trunk/2.19"
},
{
"name": "38353",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38353/"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570"
},
{
"name": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/",
"refsource": "MISC",
"url": "http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/"
},
{
"name": "20150927 Apport kernel_crashdump symlink vulnerability exploitation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/101"
},
{
"name": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2015-1338",
"datePublished": "2015-10-01T20:00:00",
"dateReserved": "2015-01-22T00:00:00",
"dateUpdated": "2024-08-06T04:40:18.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-1318 (GCVE-0-2015-1318)
Vulnerability from cvelistv5 – Published: 2015-04-17 17:00 – Updated: 2025-11-03 19:25
VLAI?
Summary
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:25:15.372Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/apport/trunk/2.17.1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758"
},
{
"name": "120803",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/120803"
},
{
"name": "36782",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/36782/"
},
{
"name": "USN-2569-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2569-1"
},
{
"name": "43971",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43971/"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Jun/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-07T10:57:01.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/apport/trunk/2.17.1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758"
},
{
"name": "120803",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/120803"
},
{
"name": "36782",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/36782/"
},
{
"name": "USN-2569-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2569-1"
},
{
"name": "43971",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43971/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/apport/trunk/2.17.1",
"refsource": "CONFIRM",
"url": "https://launchpad.net/apport/trunk/2.17.1"
},
{
"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758"
},
{
"name": "120803",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/120803"
},
{
"name": "36782",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36782/"
},
{
"name": "USN-2569-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2569-1"
},
{
"name": "43971",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43971/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2015-1318",
"datePublished": "2015-04-17T17:00:00.000Z",
"dateReserved": "2015-01-22T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:25:15.372Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}