CVE 2019-11481
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
Related bugs and status
CVE-2019-11481 (Candidate) is related to these bugs:
Bug #1830862: Apport reads arbitrary files if ~/.config/apport/settings is a symlink
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1830862 | Apport reads arbitrary files if ~/.config/apport/settings is a symlink | apport (Ubuntu) | Undecided | Fix Released | ||
| 1830862 | Apport reads arbitrary files if ~/.config/apport/settings is a symlink | Apport | Critical | Fix Released | ||
Bug #1839413: TOCTTOU ("time of check to time of use") "cwd" variable race condition
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1839413 | TOCTTOU ("time of check to time of use") "cwd" variable race condition | Apport | High | Fix Released | ||
| 1839413 | TOCTTOU ("time of check to time of use") "cwd" variable race condition | apport (Ubuntu) | High | Fix Released | ||
Bug #1839415: Fully user controllable lock file due to lock file being located in world-writable directory
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1839415 | Fully user controllable lock file due to lock file being located in world-writable directory | Apport | Low | Fix Released | ||
| 1839415 | Fully user controllable lock file due to lock file being located in world-writable directory | apport (Ubuntu) | Low | Fix Released | ||
Bug #1839420: Per-process user controllable Apport socket file
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1839420 | Per-process user controllable Apport socket file | Apport | High | Fix Released | ||
| 1839420 | Per-process user controllable Apport socket file | apport (Ubuntu) | High | Fix Released | ||
Bug #1839795: PID recycling enables an unprivileged user to generate and read a crash report for a privileged process
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1839795 | PID recycling enables an unprivileged user to generate and read a crash report for a privileged process | apport (Ubuntu) | Undecided | Fix Released | ||
| 1839795 | PID recycling enables an unprivileged user to generate and read a crash report for a privileged process | Apport | Critical | Fix Released | ||
Bug #1903332: Apport get_config incorrectly drops privileges
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1903332 | Apport get_config incorrectly drops privileges | apport (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
