Apport Project: >> Apport >> 2.20.1 Security Vulnerabilities
is_closing_session() allows users to consume RAM in the Apport process
CVSS Score
5.5
EPSS Score
0.0
Published
2024-06-04
Apport does not disable python crash handler before entering chroot
CVSS Score
7.8
EPSS Score
0.0
Published
2024-06-04
Apport argument parsing mishandles filename splitting on older kernels resulting in argument spoofing
CVSS Score
5.5
EPSS Score
0.001
Published
2024-06-04
~/.config/apport/settings parsing is vulnerable to "billion laughs" attack
CVSS Score
5.5
EPSS Score
0.0
Published
2024-06-04
is_closing_session() allows users to fill up apport.log
CVSS Score
5.5
EPSS Score
0.0
Published
2024-06-04
is_closing_session() allows users to create arbitrary tcp dbus connections
CVSS Score
7.1
EPSS Score
0.0
Published
2024-06-04
Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
CVSS Score
6.5
EPSS Score
0.0
Published
2019-08-29
Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-05-31
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-02-02
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-02-02
Page 1