Canonical Apport vulnerabilities

CVE-2021-25684 [HIGH] CWE-20 CVE-2021-25684: It was discovered that apport in data/apport did not properly open a report file to prevent hanging It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.

CVE-2021-25683 [HIGH] CWE-20 CVE-2021-25683: It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/ It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.

CVE-2020-15702 [HIGH] CWE-367 CVE-2020-15702: TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and exe TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior t

CVE-2020-15701 [MEDIUM] CWE-755 CVE-2020-15701: An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker t An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.

CVE-2019-15790 [LOW] CWE-250 CVE-2019-15790: Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Appo Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This info

CVE-2020-8831 [MEDIUM] CWE-379 CVE-2020-8831: Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport Apport creates a world writable lock file with root ownership in the world writable /var/lock/apport directory. If the apport/ directory does not exist (this is not uncommon as /var/lock is a tmpfs), it will create the directory, otherwise it will simply continue execution using the existing directory. This allows for a symlink attack if an attacker w

CVE-2020-8833 [MEDIUM] CWE-367 CVE-2020-8833: Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport al Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the de

CVE-2019-11481 [LOW] CWE-59 CVE-2019-11481: Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated p Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.

CVE-2019-11482 [MEDIUM] CWE-367 CVE-2019-11482: Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

CVE-2019-11483 [HIGH] CVE-2019-11483: Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.

CVE-2019-11485 [LOW] CWE-412 CVE-2019-11485: Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users t Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.

CVE-2015-1341 [HIGH] CWE-264 CVE-2015-1341: Any Python module in sys.path can be imported if the command line of the process triggering the core Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.