CVE-2019-11485Unrestricted Externally Accessible Lock in Apport

CWE-412Unrestricted Externally Accessible Lock6 documents5 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 74.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Canonical ApportApport Project ApportCanonical Ubuntu Linux
Timeline
PublishedFeb 8
Latest updateMay 24

Description

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5canonical/apport2.14.12.14.1-0ubuntu3.29+esm2+3
Ubuntuapport_project/apport< 2.20.1-0ubuntu2.20+2

Also affects: Ubuntu Linux 14.04, 16.04, 18.04, 19.04, 19.10

🔴Vulnerability Details

3
GHSA
GHSA-3wqr-pcvr-hx5r: Sander Bos discovered Apport's lock file was in a world-writable director which allowed all users to prevent crash handling2022-05-24
CVEList
apport created lock file in wrong directory2020-02-08
OSV
CVE-2019-11485: Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling2019-10-29

📋Vendor Advisories

2
Ubuntu
Apport vulnerabilities2019-11-04
Ubuntu
Apport vulnerabilities2019-10-30
CVE-2019-11485 — Canonical Apport vulnerability | cvebase