Activity log for bug #1877023

Date Who What changed Old value New value Message
2020-05-06 04:24:54 Seong-Joong Kim bug added bug
2020-05-11 07:43:11 Seong-Joong Kim description

Old value:

Hi,

I have found a security issue on apport 2.20.11 and earlier.

## Vulnerability in apport

apport 2.20.11 and earlier have an unhandled exception vulnerability during parsing apport-ignore.xml. An attacker can cause a denial of service (i.e., application crash) via a crafted apport-ignore.xml file.

## Description

Reports can be suppressed by blacklisting in apport-ignore.xml.

This is an example of apport-ignore.xml

    <?xml version="1.0" ?>
    <apport>
      <ignore mtime="1461374304" program="/opt/sublime_text/sublime_text"/>
      <ignore mtime="1453471676" program="/bin/sleep"/>
      <ignore mtime="1452699271" program="/usr/bin/strace"/>
    </apport>

Unfortunately, it may cause an unhandled exception when 'mtime' attribute is specified as a string value, not a number like this.

    <?xml version="1.0" ?>
    <apport>
      <ignore mtime="string" program="/bin/sleep"/>
    </apport>

It may disrupt apport service and allow an attacker to potentially enable a denial of service via local access.

The flaw lies in improper exception handling of 'mtime' attribute in apport-ignore.xml (see https://git.launchpad.net/ubuntu/+source/apport/tree/apport/report.py?h=applied/ubuntu/devel#n1104).

Here is /var/log/apport.log when the above exception occurs.

    ERROR: apport (pid 25904) Tue May 5 18:38:21 2020: Unhandled exception:
    Traceback (most recent call last):
      File "/usr/share/apport/apport", line 629, in <module>
        if info.check_ignored():
      File "/usr/lib/python3/dist-packages/apport/report.py", line 1082, in check_ignored
        if float(ignore.getAttribute('mtime')) >= cur_mtime:
    ValueError: could not convert string to float: 'string'

Sincerely,

New value:

Hi,

I have found a security issue on apport 2.20.11 and earlier.

## Vulnerability

apport 2.20.11 and earlier have an unhandled exception vulnerability during parsing apport-ignore.xml. An attacker can cause a denial of service (i.e., application crash) via a crafted apport-ignore.xml file.

## Description

Reports can be suppressed by blacklisting in apport-ignore.xml.

This is an example of apport-ignore.xml

    <?xml version="1.0" ?>
    <apport>
      <ignore mtime="1461374304" program="/opt/sublime_text/sublime_text"/>
      <ignore mtime="1453471676" program="/bin/sleep"/>
      <ignore mtime="1452699271" program="/usr/bin/strace"/>
    </apport>

Unfortunately, it may cause an unhandled exception when 'mtime' attribute is specified as a string value, not a number like this.

    <?xml version="1.0" ?>
    <apport>
      <ignore mtime="string" program="/bin/sleep"/>
    </apport>

It may disrupt apport service and allow an attacker to potentially enable a denial of service via local access.

The flaw lies in improper exception handling of 'mtime' attribute in apport-ignore.xml (see https://git.launchpad.net/ubuntu/+source/apport/tree/apport/report.py?h=applied/ubuntu/devel#n1104).

## Log

Here is /var/log/apport.log when the above exception occurs.

    ERROR: apport (pid 25904) Tue May 5 18:38:21 2020: Unhandled exception:
    Traceback (most recent call last):
      File "/usr/share/apport/apport", line 629, in <module>
        if info.check_ignored():
      File "/usr/lib/python3/dist-packages/apport/report.py", line 1082, in check_ignored
        if float(ignore.getAttribute('mtime')) >= cur_mtime:
    ValueError: could not convert string to float: 'string'

Sincerely,

2020-05-12 06:58:11 Seong-Joong Kim attachment added unhandled-XML-exception.patch https://bugs.launchpad.net/apport/+bug/1877023/+attachment/5370183/+files/unhandled-XML-exception.patch
2020-05-13 07:29:13 Seong-Joong Kim information type Private Security Public Security
2020-05-18 08:22:56 Seong-Joong Kim affects apport apport (Ubuntu)
2020-05-18 08:26:31 Ubuntu Foundations Team Bug Bot tags patch
2020-05-18 08:26:40 Ubuntu Foundations Team Bug Bot bug added subscriber Ubuntu Review Team
2020-05-18 17:22:54 Brian Murray apport (Ubuntu): importance Undecided Medium
2020-05-18 17:22:59 Brian Murray apport (Ubuntu): status New Confirmed
2020-05-19 13:08:50 Seong-Joong Kim bug task added apport
2020-07-14 02:01:33 Seth Arnold cve linked 2020-15701
2020-08-04 16:58:15 Launchpad Janitor apport (Ubuntu): status Confirmed Fix Released
2020-08-04 16:58:15 Launchpad Janitor cve linked 2020-11936
2020-08-04 16:58:15 Launchpad Janitor cve linked 2020-15702
2020-08-05 20:56:58 Launchpad Janitor branch linked lp:~ubuntu-core-dev/ubuntu/groovy/apport/ubuntu
2022-06-27 10:16:28 Benjamin Drung apport: milestone 2.21.0
2022-06-27 10:16:32 Benjamin Drung apport: importance Undecided Critical
2022-06-27 10:16:37 Benjamin Drung apport: status New Fix Released
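
The unguarded `float()` comparison from the traceback in the bug description, next to a guarded version, as an added example that is not apport's code and not the attached patch. The function names, the constructed sample XML, and the choice to skip malformed or non-finite entries are assumptions made for illustration.

```python
import math
from xml.dom import minidom

# Constructed sample: one valid entry from the report's example, the crafted
# entry quoted in the report, one entry with no mtime attribute, one valid entry.
SAMPLE_XML = """<?xml version="1.0" ?>
<apport>
  <ignore mtime="1461374304" program="/opt/sublime_text/sublime_text"/>
  <ignore mtime="string" program="/bin/sleep"/>
  <ignore program="/usr/bin/strace"/>
  <ignore mtime="1453471676" program="/bin/sleep"/>
</apport>"""


def check_ignored_unchecked(xml_text, program, cur_mtime):
    """Same comparison as the line in the traceback: float() is not guarded."""
    dom = minidom.parseString(xml_text)
    for ignore in dom.getElementsByTagName("ignore"):
        if ignore.getAttribute("program") == program:
            # getAttribute() returns "" for a missing attribute, so both
            # mtime="string" and an absent mtime raise ValueError here.
            if float(ignore.getAttribute("mtime")) >= cur_mtime:
                return True
    return False


def check_ignored_guarded(xml_text, program, cur_mtime):
    """Hypothetical hardened lookup: a bad mtime skips only that entry."""
    dom = minidom.parseString(xml_text)
    for ignore in dom.getElementsByTagName("ignore"):
        if ignore.getAttribute("program") != program:
            continue
        try:
            mtime = float(ignore.getAttribute("mtime"))
        except ValueError:
            continue  # non-numeric or missing mtime: entry does not match
        # float() also accepts "nan" and "inf"; assumption: reject them so
        # an entry cannot match every possible modification time.
        if not math.isfinite(mtime):
            continue
        if mtime >= cur_mtime:
            return True
    return False
```

With the guarded version, the crafted entry no longer aborts the lookup, and the later valid `/bin/sleep` entry is still honoured.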