CVE-2020-11936
Published 2020-08-04
CVSS 3.1: 3.1 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.34% (25.5th percentile)
Title: Apport vulnerabilities
Summary: Several security issues were fixed in Apport.
Ryota Shiga working with Trend Micro's Zero Day Initiative, discovered that
Apport incorrectly dropped privileges when making certain D-Bus calls. A
local attacker could use this issue to read arbitrary files.
(CVE-2020-11936)
Seong-Joong Kim discovered that Apport incorrectly parsed configuration
files. A local attacker could use this issue to cause Apport to crash,
resulting in a denial of service. (CVE-2020-15701)
Ryota Shiga working with Trend Micro's Zero Day Initiative, discovered that
Apport incorrectly implemented certain checks. A local attacker could use
this issue to escalate privileges and run arbitrary code. (CVE-2020-15702)
Instructions: In general, a standard system update will make all the necessary changes.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apport_project | apport | >= 0 < 2.20.1-0ubuntu2.24 | 2.20.1-0ubuntu2.24 |
| apport_project | apport | >= 0 < 2.20.9-0ubuntu7.16 | 2.20.9-0ubuntu7.16 |
| apport_project | apport | >= 0 < 2.20.11-0ubuntu27.6 | 2.20.11-0ubuntu27.6 |
| apport_project | apport | >= 0 < 2.14.1-0ubuntu3.29+esm5 | 2.14.1-0ubuntu3.29+esm5 |
CVSS provenance
nvd: v3.1, 3.1 LOW, CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
osv: 3.1 LOW
vendor_ubuntu: 3.1 LOW
Ubuntu
Apport vulnerabilities
vendor_ubuntu·2020-09-02·CVSS 3.1
CVE-2020-11936 [LOW] Apport vulnerabilities
USN-4449-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM.
Ubuntu
Apport vulnerabilities
vendor_ubuntu·2020-08-04·CVSS 3.1
CVE-2020-11936 [LOW] Apport vulnerabilities
OSV
apport vulnerabilities
osv·2020-09-02·CVSS 3.1
CVE-2020-11936 [LOW] apport vulnerabilities
apport vulnerabilities
USN-4449-1 fixed several vulnerabilities in Apport. This update provides
the corresponding update for Ubuntu 14.04 ESM.
OSV
apport vulnerabilities
osv·2020-08-04·CVSS 3.1
CVE-2020-11936 [LOW] apport vulnerabilities
apport vulnerabilities
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-08-04
Published