CVE-2018-6552
published 2018-05-31
CVE-2018-6552: Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage…
Priority P3 · 37 · high · 7.8 CVSS 3.0
AV:L AC:L PR:L UI:N S:U C:H I:H A:H
EPSS 0.39% (30.7th percentile)
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc// does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc// does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apport_project | apport | — | — |
| apport_project | apport | >= 0 < 2.14.1-0ubuntu3.29 | 2.14.1-0ubuntu3.29 |
| apport_project | apport | >= 0 < 2.20.1-0ubuntu2.18 | 2.20.1-0ubuntu2.18 |
| apport_project | apport | >= 0 < 2.20.9-0ubuntu7.1 | 2.20.9-0ubuntu7.1 |
| apport_project | apport | >= 2.20.1-0ubuntu2.15 < unspecified | unspecified |
| apport_project | apport | >= 2.20.7-0ubuntu3.7 < unspecified | unspecified |
| apport_project | apport | >= 2.20.8-0ubuntu4 < unspecified | unspecified |
| apport_project | apport | >= unspecified < 2.20.9-0ubuntu7.1 | 2.20.9-0ubuntu7.1 |
| apport_project | apport | >= unspecified < 2.20.1-0ubuntu2.18 | 2.20.1-0ubuntu2.18 |
| apport_project | apport | >= unspecified < 2.20.7-0ubuntu3.9 | 2.20.7-0ubuntu3.9 |
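CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |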
Ubuntu
Apport vulnerability
vendor_ubuntu·2018-06-04
Title: Apport vulnerability
Summary: Apport could be tricked into causing a denial of service or escalate
privileges.
USN-3664-1 fixed a vulnerability in Apport. Sander Bos reported that Ubuntu
14.04 LTS was also vulnerable to this issue, but was incorrectly omitted
from the previous updates. This update provides the corresponding update
for Ubuntu 14.04 LTS.
Original advisory details:
Sander Bos discovered that Apport incorrectly handled core dumps when
certain files are missing from /proc. A local attacker could possibly use
this issue to cause a denial of service, gain root privileges, or escape
from containers.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Apport vulnerability
vendor_ubuntu·2018-05-30
Title: Apport vulnerability
Summary: Apport could be tricked into causing a denial of service or escalate
privileges.
Sander Bos discovered that Apport incorrectly handled core dumps when
certain files are missing from /proc. A local attacker could possibly use
this issue to cause a denial of service, gain root privileges, or escape
from containers.
Instructions: In general, a standard system update will make all the necessary changes.
GHSA
GHSA-4pgc-f487-53cr: Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could
ghsa_unreviewed·2022-05-13
OSV
CVE-2018-6552: Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could
osv·2018-05-30·CVSS 7.8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.