CVE 2019-11482
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
Related bugs and status
CVE-2019-11482 (Candidate) is related to these bugs:
Bug #1830862: Apport reads arbitrary files if ~/.config/apport/settings is a symlink
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1830862 | Apport reads arbitrary files if ~/.config/apport/settings is a symlink | apport (Ubuntu) | Undecided | Fix Released | ||
| 1830862 | Apport reads arbitrary files if ~/.config/apport/settings is a symlink | Apport | Critical | Fix Released | ||
Bug #1839413: TOCTTOU ("time of check to time of use") "cwd" variable race condition
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1839413 | TOCTTOU ("time of check to time of use") "cwd" variable race condition | Apport | High | Fix Released | ||
| 1839413 | TOCTTOU ("time of check to time of use") "cwd" variable race condition | apport (Ubuntu) | High | Fix Released | ||
Bug #1839414: Apport follows symbolic links in path components when creating core dump file
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1839414 | Apport follows symbolic links in path components when creating core dump file | Apport | High | New | ||
| 1839414 | Apport follows symbolic links in path components when creating core dump file | apport (Ubuntu) | High | New | ||
Bug #1839415: Fully user controllable lock file due to lock file being located in world-writable directory
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1839415 | Fully user controllable lock file due to lock file being located in world-writable directory | Apport | Low | Fix Released | ||
| 1839415 | Fully user controllable lock file due to lock file being located in world-writable directory | apport (Ubuntu) | Low | Fix Released | ||
Bug #1839420: Per-process user controllable Apport socket file
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1839420 | Per-process user controllable Apport socket file | Apport | High | Fix Released | ||
| 1839420 | Per-process user controllable Apport socket file | apport (Ubuntu) | High | Fix Released | ||
Bug #1839795: PID recycling enables an unprivileged user to generate and read a crash report for a privileged process
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1839795 | PID recycling enables an unprivileged user to generate and read a crash report for a privileged process | apport (Ubuntu) | Undecided | Fix Released | ||
| 1839795 | PID recycling enables an unprivileged user to generate and read a crash report for a privileged process | Apport | Critical | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
