Product:

Apport

(Apport_project)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 15
Date ID Summary Products Score Patch
2020-02-08 CVE-2019-11485 Sander Bos discovered Apport's lock file was in a world-writable director which allowed all users to prevent crash handling. Apport, Ubuntu_linux N/A
2020-02-08 CVE-2019-11483 Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. Apport, Ubuntu_linux N/A
2020-02-08 CVE-2019-11482 Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories. Apport, Ubuntu_linux N/A
2020-02-08 CVE-2019-11481 Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences. Apport, Ubuntu_linux N/A
2019-08-29 CVE-2019-7307 Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and... Apport 7.0
2018-05-31 CVE-2018-6552 Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the... Apport 7.8
2018-02-02 CVE-2017-14180 Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179. Apport, Ubuntu_linux 7.8
2018-02-02 CVE-2017-14179 Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. Apport, Ubuntu_linux 7.8
2018-02-02 CVE-2017-14177 Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324. Apport, Ubuntu_linux 7.8
2017-07-18 CVE-2017-10708 An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file. Apport 7.8