Unhandled exception in run_hang()
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Apport |
Fix Released
|
Critical
|
Unassigned | ||
apport (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
## Description
When we start apport-cli without PID, an unhandled exception in apport 2.20.11 and earlier may allow an authenticated user to potentially enable a denial of service via local access.
The following command may cause an application crash due to an unhandled exception.
$ apport-cli --hanging
*** Send problem report to the developers?
After the problem report has been sent, please fill out the form in the
automatically opened web browser.
What would you like to do? Your options are:
S: Send report (24.0 KB)
V: View report
K: Keep report file for sending later or copying to somewhere else
I: Cancel and ignore future crashes of this program version
C: Cancel
Please choose (S/V/K/I/C): K
Problem report file: /tmp/apport.
Traceback (most recent call last):
File "/usr/bin/
if not app.run_argv():
File "/usr/lib/
self.
File "/usr/lib/
os.
TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'
Above command generates the following application crash file in /var/crash/ directory.
ProblemType: Crash
CurrentDesktop: ubuntu:GNOME
Date: Sun May 3 19:09:41 2020
ExecutablePath: /usr/bin/apport-cli
ExecutableTimes
InterpreterPath: /usr/bin/python3.6
ProcCmdline: /usr/bin/python3 /usr/bin/apport-cli --hanging
ProcCwd: /home/user/
ProcEnviron:
...
ProcMaps:
...
ProcStatus:
...
PythonArgs: ['/usr/
Traceback:
Traceback (most recent call last):
File "/usr/bin/
if not app.run_argv():
File "/usr/lib/
self.
File "/usr/lib/
os.
TypeError: int() argument must be a string, a bytes-like object or a number, not 'NoneType'
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
_LogindSession: 6
Many thanks.
Related branches
CVE References
Changed in apport: | |
milestone: | none → 2.21.0 |
importance: | Undecided → Critical |
status: | New → Fix Released |
This bug was fixed in the package apport - 2.20.11-0ubuntu27.6
--------------- 0ubuntu27. 6) focal-security; urgency=medium
apport (2.20.11-
* SECURITY UPDATE: information disclosure issue (LP: #1885633) 11-0ubuntu27. 5 in focal-proposed.
- data/apport: also drop gid when checking if user session is closing.
- CVE-2020-11936
* SECURITY UPDATE: crash via malformed ignore file (LP: #1877023)
- apport/report.py: don't crash on malformed mtime values.
- CVE-2020-15701
* SECURITY UPDATE: TOCTOU in core file location
- data/apport: make sure the process hasn't been replaced after Apport
has started.
- CVE-2020-15702
* apport/ui.py, test/test_ui.py: make sure a PID is specified when using
--hanging (LP: #1876659)
* WARNING: This package does _not_ contain the changes from
2.20.
-- Marc Deslauriers <email address hidden> Fri, 31 Jul 2020 09:10:30 -0400