CVE-2018-6552

6 documents5 sources
Severity
7.8HIGH
EPSS
0.0%
top 90.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apport Project Apport
Timeline
PublishedMay 31
Latest updateMay 13

Description

Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc// does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code th

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5apport2.20.8-0ubuntu4unspecified+6
Ubuntuapport< 2.14.1-0ubuntu3.29+2
NVDapport_project/apport4 versions+3

🔴Vulnerability Details

3
GHSA
GHSA-4pgc-f487-53cr: Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could2022-05-13
CVEList
Apport treats the container PID as the global PID when /proc/<global_pid>/ is missing2018-05-31
OSV
CVE-2018-6552: Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could2018-05-30

📋Vendor Advisories

2
Ubuntu
Apport vulnerability2018-06-04
Ubuntu
Apport vulnerability2018-05-30