CVE 2019-11485
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
Related bugs and status
CVE-2019-11485 (Candidate) is related to these bugs:
Bug #1830862: Apport reads arbitrary files if ~/.config/apport/settings is a symlink
Bug | Summary | In | Importance | Status
---|---|---|---|---
1830862 | Apport reads arbitrary files if ~/.config/apport/settings is a symlink | apport (Ubuntu) | Undecided | Fix Released
1830862 | Apport reads arbitrary files if ~/.config/apport/settings is a symlink | Apport | Critical | Fix Released
Bug #1839413: TOCTTOU ("time of check to time of use") "cwd" variable race condition
Bug | Summary | In | Importance | Status
---|---|---|---|---
1839413 | TOCTTOU ("time of check to time of use") "cwd" variable race condition | Apport | High | Fix Released
1839413 | TOCTTOU ("time of check to time of use") "cwd" variable race condition | apport (Ubuntu) | High | Fix Released
Bug #1839415: Fully user controllable lock file due to lock file being located in world-writable directory
Bug | Summary | In | Importance | Status
---|---|---|---|---
1839415 | Fully user controllable lock file due to lock file being located in world-writable directory | Apport | Low | Fix Released
1839415 | Fully user controllable lock file due to lock file being located in world-writable directory | apport (Ubuntu) | Low | Fix Released
Bug #1839417: Potentially existing (legitimate, root owned) lock file getting deleted by Apport daily cron(8) script
Bug | Summary | In | Importance | Status
---|---|---|---|---
1839417 | Potentially existing (legitimate, root owned) lock file getting deleted by Apport daily cron(8) script | Apport | Low | New
1839417 | Potentially existing (legitimate, root owned) lock file getting deleted by Apport daily cron(8) script | apport (Ubuntu) | Low | New
Bug #1839420: Per-process user controllable Apport socket file
Bug | Summary | In | Importance | Status
---|---|---|---|---
1839420 | Per-process user controllable Apport socket file | Apport | High | Fix Released
1839420 | Per-process user controllable Apport socket file | apport (Ubuntu) | High | Fix Released
Bug #1839795: PID recycling enables an unprivileged user to generate and read a crash report for a privileged process
Bug | Summary | In | Importance | Status
---|---|---|---|---
1839795 | PID recycling enables an unprivileged user to generate and read a crash report for a privileged process | apport (Ubuntu) | Undecided | Fix Released
1839795 | PID recycling enables an unprivileged user to generate and read a crash report for a privileged process | Apport | Critical | Fix Released
See the CVE page on Mitre.org for more details.