CVE-2019-11481
published 2020-02-08CVE-2019-11481: Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apport_project | apport | >= 0 < 2.20.1-0ubuntu2.20 | 2.20.1-0ubuntu2.20 |
| apport_project | apport | >= 0 < 2.20.1-0ubuntu2.21 | 2.20.1-0ubuntu2.21 |
| apport_project | apport | >= 0 < 2.20.1-0ubuntu2.27 | 2.20.1-0ubuntu2.27 |
| apport_project | apport | >= 0 < 2.20.1-0ubuntu2.22 | 2.20.1-0ubuntu2.22 |
| apport_project | apport | >= 0 < 2.20.9-0ubuntu7.8 | 2.20.9-0ubuntu7.8 |
| apport_project | apport | >= 0 < 2.20.9-0ubuntu7.9 | 2.20.9-0ubuntu7.9 |
| apport_project | apport | >= 0 < 2.20.9-0ubuntu7.20 | 2.20.9-0ubuntu7.20 |
| apport_project | apport | >= 0 < 2.20.9-0ubuntu7.12 | 2.20.9-0ubuntu7.12 |
| apport_project | apport | >= 0 < 2.20.11-0ubuntu27.12 | 2.20.11-0ubuntu27.12 |
| apport_project | apport | >= 0 < 2.14.1-0ubuntu3.29+esm2 | 2.14.1-0ubuntu3.29+esm2 |
| apport_project | apport | >= 0 < 2.14.1-0ubuntu3.29+esm3 | 2.14.1-0ubuntu3.29+esm3 |
| canonical | apport | >= 2.14.1 < 2.14.1-0ubuntu3.29+esm2 | 2.14.1-0ubuntu3.29+esm2 |
| canonical | apport | >= 2.20.1 < 2.20.1-0ubuntu2.20 | 2.20.1-0ubuntu2.20 |
| canonical | apport | >= 2.20.11 < 2.20.11-0ubuntu8.1 | 2.20.11-0ubuntu8.1 |
| canonical | apport | >= 2.20.9 < 2.20.9-0ubuntu7.8 | 2.20.9-0ubuntu7.8 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH