Canonical: >> Apport >> 2.20.1-0ubuntu2.20 Security Vulnerabilities
It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-06-11
It was discovered that the get_starttime() function in data/apport did not properly parse the /proc/pid/stat file from the kernel.
CVSS Score
8.8
EPSS Score
0.0
Published
2021-06-11
It was discovered that apport in data/apport did not properly open a report file to prevent hanging reads on a FIFO.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-06-11
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-08-06
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.
CVSS Score
7.0
EPSS Score
0.001
Published
2020-08-06
Page 2