CVE-2019-15790
Vulnerability from cvelistv5
Published
2020-04-27 23:25
Modified
2024-09-16 20:43
Severity ?
2.8 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Summary
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.
References
security@ubuntu.comhttp://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html
security@ubuntu.comhttps://bugs.launchpad.net/apport/+bug/1854237Issue Tracking, Third Party Advisory
security@ubuntu.comhttps://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795Exploit, Issue Tracking, Third Party Advisory
security@ubuntu.comhttps://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929Exploit, Issue Tracking, Patch, Third Party Advisory
security@ubuntu.comhttps://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806Exploit, Issue Tracking, Third Party Advisory
security@ubuntu.comhttps://usn.ubuntu.com/4171-1/Third Party Advisory
security@ubuntu.comhttps://usn.ubuntu.com/4171-2/Third Party Advisory
security@ubuntu.comhttps://usn.ubuntu.com/4171-3/Third Party Advisory
security@ubuntu.comhttps://usn.ubuntu.com/4171-4/Third Party Advisory
security@ubuntu.comhttps://usn.ubuntu.com/4171-5/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/apport/+bug/1854237Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4171-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4171-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4171-3/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4171-4/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4171-5/Third Party Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:56:22.465Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4171-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4171-2/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4171-3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4171-4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4171-5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/apport/+bug/1854237"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apport",
          "vendor": "Canonical",
          "versions": [
            {
              "lessThan": "2.14.1-0ubuntu3.29+esm3",
              "status": "affected",
              "version": "2.14.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.1-0ubuntu2.22",
              "status": "affected",
              "version": "2.20.1",
              "versionType": "custom"
            },
            {
              "lessThan": "2.20.9-0ubuntu7.12",
              "status": "affected",
              "version": "2.20.9",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "2.20.11-0ubuntu16",
                  "status": "unaffected"
                }
              ],
              "lessThan": "2.20.11-0ubuntu8.6",
              "status": "affected",
              "version": "2.20.11",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Kevin Backhouse"
        }
      ],
      "datePublic": "2019-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-250",
              "description": "CWE-250 Execution with Unnecessary Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T00:00:00",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"
        },
        {
          "url": "https://usn.ubuntu.com/4171-1/"
        },
        {
          "url": "https://usn.ubuntu.com/4171-2/"
        },
        {
          "url": "https://usn.ubuntu.com/4171-3/"
        },
        {
          "url": "https://usn.ubuntu.com/4171-4/"
        },
        {
          "url": "https://usn.ubuntu.com/4171-5/"
        },
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"
        },
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"
        },
        {
          "url": "https://bugs.launchpad.net/apport/+bug/1854237"
        },
        {
          "url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
        }
      ],
      "source": {
        "advisory": "https://usn.ubuntu.com/4171-1/",
        "defect": [
          "https://launchpad.net/bugs/1839795"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Apport reads PID files with elevated privileges",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2019-15790",
    "datePublished": "2020-04-27T23:25:19.961303Z",
    "dateReserved": "2019-08-29T00:00:00",
    "dateUpdated": "2024-09-16T20:43:33.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47363193-B4DB-4654-BFAC-373426212337\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\", \"matchCriteriaId\": \"815D70A8-47D3-459C-A32C-9FEACA0659D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.\"}, {\"lang\": \"es\", \"value\": \"Apport lee y escribe informaci\\u00f3n sobre un proceso bloqueado en /proc/pid con privilegios elevados. Apport determina a qu\\u00e9 usuario pertenece el proceso bloqueado leyendo /proc/pid por medio de la funci\\u00f3n get_pid_info() en el archivo data/apport. Un usuario no privilegiado podr\\u00eda aprovechar esto para leer informaci\\u00f3n sobre un proceso de ejecuci\\u00f3n privilegiado al explotar el reciclaje PID. Esta informaci\\u00f3n podr\\u00eda ser usada para obtener compensaciones de ASLR para un proceso con una vulnerabilidad de corrupci\\u00f3n de la memoria existente. La correcci\\u00f3n inicial introdujo regresiones en la biblioteca Python de Apport debido a la falta de argumento en Report.add_proc_environ en apport/report.py. Tambi\\u00e9n caus\\u00f3 un fallo de autopkgtest cuando se lee /proc/pid y con la compatibilidad con Python 2 por medio de la lectura de mapas /proc. Las correcciones de regresi\\u00f3n iniciales y posteriores est\\u00e1n en las versiones 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 y 2.14.1-0ubuntu3.29+esm3.\"}]",
      "id": "CVE-2019-15790",
      "lastModified": "2024-11-21T04:29:28.330",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security@ubuntu.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N\", \"baseScore\": 2.8, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.1, \"impactScore\": 1.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-04-28T00:15:12.913",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html\", \"source\": \"security@ubuntu.com\"}, {\"url\": \"https://bugs.launchpad.net/apport/+bug/1854237\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4171-1/\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4171-2/\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4171-3/\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4171-4/\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4171-5/\", \"source\": \"security@ubuntu.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.launchpad.net/apport/+bug/1854237\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4171-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4171-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4171-3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4171-4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4171-5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@ubuntu.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@ubuntu.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-250\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-15790\",\"sourceIdentifier\":\"security@ubuntu.com\",\"published\":\"2020-04-28T00:15:12.913\",\"lastModified\":\"2024-11-21T04:29:28.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.\"},{\"lang\":\"es\",\"value\":\"Apport lee y escribe informaci\u00f3n sobre un proceso bloqueado en /proc/pid con privilegios elevados. Apport determina a qu\u00e9 usuario pertenece el proceso bloqueado leyendo /proc/pid por medio de la funci\u00f3n get_pid_info() en el archivo data/apport. Un usuario no privilegiado podr\u00eda aprovechar esto para leer informaci\u00f3n sobre un proceso de ejecuci\u00f3n privilegiado al explotar el reciclaje PID. Esta informaci\u00f3n podr\u00eda ser usada para obtener compensaciones de ASLR para un proceso con una vulnerabilidad de corrupci\u00f3n de la memoria existente. La correcci\u00f3n inicial introdujo regresiones en la biblioteca Python de Apport debido a la falta de argumento en Report.add_proc_environ en apport/report.py. Tambi\u00e9n caus\u00f3 un fallo de autopkgtest cuando se lee /proc/pid y con la compatibilidad con Python 2 por medio de la lectura de mapas /proc. Las correcciones de regresi\u00f3n iniciales y posteriores est\u00e1n en las versiones 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 y 2.14.1-0ubuntu3.29+esm3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N\",\"baseScore\":2.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.1,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security@ubuntu.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47363193-B4DB-4654-BFAC-373426212337\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*\",\"matchCriteriaId\":\"815D70A8-47D3-459C-A32C-9FEACA0659D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD783B0C-9246-47D9-A937-6144FE8BFF0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A31C8344-3E02-4EB8-8BD8-4C84B7959624\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html\",\"source\":\"security@ubuntu.com\"},{\"url\":\"https://bugs.launchpad.net/apport/+bug/1854237\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4171-1/\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4171-2/\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4171-3/\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4171-4/\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4171-5/\",\"source\":\"security@ubuntu.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/apport/+bug/1854237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4171-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4171-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4171-3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4171-4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/4171-5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.