Unhandled exception in run_hang()

Bug #1876659 reported by Seong-Joong Kim
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Apport | Fix Released | Critical | Unassigned | |
| apport (Ubuntu) | Fix Released | Undecided | Unassigned | |

Bug Description

## Description
When we start apport-cli without a PID, an unhandled exception in apport 2.20.11 and earlier may allow an authenticated user to potentially enable a denial of service via local access.

The following command may cause an application crash due to an unhandled exception.

$ apport-cli --hanging

*** Send problem report to the developers?

After the problem report has been sent, please fill out the form in the
automatically opened web browser.

What would you like to do? Your options are:
  S: Send report (24.0 KB)
  V: View report
  K: Keep report file for sending later or copying to somewhere else
  I: Cancel and ignore future crashes of this program version
  C: Cancel
Please choose (S/V/K/I/C): K
Problem report file: /tmp/apport.apport.uc0_znhj.apport
Traceback (most recent call last):
  File "/usr/bin/apport-cli", line 387, in <module>
    if not app.run_argv():
  File "/usr/lib/python3/dist-packages/apport/ui.py", line 690, in run_argv
    self.run_hang(self.options.pid)
  File "/usr/lib/python3/dist-packages/apport/ui.py", line 410, in run_hang
    os.kill(int(pid), signal.SIGKILL)
TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'

The above command generates the following application crash file in the /var/crash/ directory.

ProblemType: Crash
CurrentDesktop: ubuntu:GNOME
Date: Sun May 3 19:09:41 2020
ExecutablePath: /usr/bin/apport-cli
ExecutableTimestamp: 1585099033
InterpreterPath: /usr/bin/python3.6
ProcCmdline: /usr/bin/python3 /usr/bin/apport-cli --hanging
ProcCwd: /home/user/apport/bin
ProcEnviron:
 ...
ProcMaps:
 ...
ProcStatus:
 ...
PythonArgs: ['/usr/bin/apport-cli', '--hanging']
Traceback:
 Traceback (most recent call last):
   File "/usr/bin/apport-cli", line 387, in <module>
     if not app.run_argv():
   File "/usr/lib/python3/dist-packages/apport/ui.py", line 690, in run_argv
     self.run_hang(self.options.pid)
   File "/usr/lib/python3/dist-packages/apport/ui.py", line 410, in run_hang
     os.kill(int(pid), signal.SIGKILL)
 TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
_LogindSession: 6

Many thanks.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 2.20.11-0ubuntu27.6

---------------
apport (2.20.11-0ubuntu27.6) focal-security; urgency=medium

  * SECURITY UPDATE: information disclosure issue (LP: #1885633)
    - data/apport: also drop gid when checking if user session is closing.
    - CVE-2020-11936
  * SECURITY UPDATE: crash via malformed ignore file (LP: #1877023)
    - apport/report.py: don't crash on malformed mtime values.
    - CVE-2020-15701
  * SECURITY UPDATE: TOCTOU in core file location
    - data/apport: make sure the process hasn't been replaced after Apport
      has started.
    - CVE-2020-15702
  * apport/ui.py, test/test_ui.py: make sure a PID is specified when using
    --hanging (LP: #1876659)
  * WARNING: This package does _not_ contain the changes from
    2.20.11-0ubuntu27.5 in focal-proposed.

 -- Marc Deslauriers <email address hidden> Fri, 31 Jul 2020 09:10:30 -0400

Changed in apport (Ubuntu):
status: New → Fix Released
Benjamin Drung (bdrung)
Changed in apport:
milestone: none → 2.21.0
importance: Undecided → Critical
status: New → Fix Released
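The changelog above describes the fix as making sure a PID is specified when using --hanging. The following is an added example, not Apport's actual patch: it models the crashing `os.kill(int(pid), signal.SIGKILL)` pattern from the traceback beside a checked variant. The function names, the argparse-based option model and the injected `kill` callable (used so that nothing is really signalled) are assumptions made for illustration.

```python
import argparse
import signal


def parse_args(argv):
    """Hypothetical model of the two options involved (--hanging, -P/--pid)."""
    parser = argparse.ArgumentParser(prog="apport-cli-model")
    parser.add_argument("--hanging", action="store_true")
    parser.add_argument("-P", "--pid", default=None)
    return parser.parse_args(argv)


def run_hang_unchecked(pid, kill):
    """Pattern from the traceback: int(None) raises an uncaught TypeError."""
    kill(int(pid), signal.SIGKILL)


def validate_pid(pid):
    """Return a positive integer PID or raise ValueError with a usage message."""
    if pid is None:
        raise ValueError("--hanging requires a PID (-P/--pid)")
    try:
        value = int(pid)
    except (TypeError, ValueError):
        raise ValueError("PID must be an integer, got %r" % (pid,)) from None
    # os.kill() gives 0 and negative values a special meaning (process
    # groups, or every process the caller may signal), so reject them too.
    if value <= 0:
        raise ValueError("PID must be positive, got %d" % value)
    return value


def run_argv_checked(argv, kill):
    """Return 0 on success and 2 on a usage error; no traceback escapes."""
    opts = parse_args(argv)
    if not opts.hanging:
        return 0
    try:
        pid = validate_pid(opts.pid)
    except ValueError as exc:
        print("error: %s" % exc)
        return 2
    kill(pid, signal.SIGKILL)
    return 0
```

Because the checked path exits with a usage error instead of raising, the Python exception hook never fires and no crash file is written to /var/crash/ for this input.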