CVE-2019-7307
published 2019-08-29CVE-2019-7307: Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability…
PriorityP431high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
EPSS
0.31%
23.1th percentile
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apport_project | apport | — | — |
| apport_project | apport | — | — |
| apport_project | apport | — | — |
| apport_project | apport | — | — |
| apport_project | apport | >= 0 < 2.20.1-0ubuntu2.19 | 2.20.1-0ubuntu2.19 |
| apport_project | apport | >= 0 < 2.20.9-0ubuntu7.7 | 2.20.9-0ubuntu7.7 |
| apport_project | apport | >= 0 < 2.14.1-0ubuntu3.29+esm1 | 2.14.1-0ubuntu3.29+esm1 |
| ubuntu | apport | — | — |
| ubuntu | apport | — | — |
| ubuntu | apport | — | — |
| ubuntu | apport | — | — |
| ubuntu | apport | — | — |
CVSS provenance
nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv3.06.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv7.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-75vh-qgvc-r573: Apport before versions 2
ghsa_unreviewed·2022-05-24
CVE-2019-7307 [HIGH] CWE-367 GHSA-75vh-qgvc-r573: Apport before versions 2
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
OSV
CVE-2019-7307: Apport before versions 2
osv·2019-07-09·CVSS 7.0
CVE-2019-7307 [HIGH] CVE-2019-7307: Apport before versions 2
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
Ubuntu
Apport vulnerability
vendor_ubuntu·2019-07-09
CVE-2019-7307 Apport vulnerability
Title: Apport vulnerability
Summary: Apport could be made to expose sensitive information in crash reports.
Kevin Backhouse discovered a race-condition when reading the user's local
Apport configuration. This could be used by a local attacker to cause
Apport to include arbitrary files in a resulting crash report.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
Apport vulnerability
vendor_ubuntu·2019-07-09
CVE-2019-7307 Apport vulnerability
Title: Apport vulnerability
Summary: Apport could be made to expose sensitive information in crash reports.
USN-4051-1 fixed a vulnerability in apport. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Original advisory details:
Kevin Backhouse discovered a race-condition when reading the user's local
Apport configuration. This could be used by a local attacker to cause
Apport to include arbitrary files in a resulting crash report.
Instructions: In general, a standard system update will make all the necessary changes.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.htmlhttps://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.htmlhttp://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.htmlhttps://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-7307.html
2019-08-29
Published