CVE 2019-11482
Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
Related bugs and status
CVE-2019-11482 (Candidate) is related to these bugs:
Bug #1830862: Apport reads arbitrary files if ~/.config/apport/settings is a symlink
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1830862 | Apport reads arbitrary files if ~/.config/apport/settings is a symlink | apport (Ubuntu) | Undecided | Fix Released | ||
1830862 | Apport reads arbitrary files if ~/.config/apport/settings is a symlink | Apport | Critical | Fix Released |
Bug #1839413: TOCTTOU ("time of check to time of use") "cwd" variable race condition
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1839413 | TOCTTOU ("time of check to time of use") "cwd" variable race condition | Apport | High | Fix Released | ||
1839413 | TOCTTOU ("time of check to time of use") "cwd" variable race condition | apport (Ubuntu) | High | Fix Released |
Bug #1839414: Apport follows symbolic links in path components when creating core dump file
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1839414 | Apport follows symbolic links in path components when creating core dump file | Apport | High | New | ||
1839414 | Apport follows symbolic links in path components when creating core dump file | apport (Ubuntu) | High | New |
Bug #1839415: Fully user controllable lock file due to lock file being located in world-writable directory
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1839415 | Fully user controllable lock file due to lock file being located in world-writable directory | Apport | Low | Fix Released | ||
1839415 | Fully user controllable lock file due to lock file being located in world-writable directory | apport (Ubuntu) | Low | Fix Released |
Bug #1839420: Per-process user controllable Apport socket file
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1839420 | Per-process user controllable Apport socket file | Apport | High | Fix Released | ||
1839420 | Per-process user controllable Apport socket file | apport (Ubuntu) | High | Fix Released |
Bug #1839795: PID recycling enables an unprivileged user to generate and read a crash report for a privileged process
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1839795 | PID recycling enables an unprivileged user to generate and read a crash report for a privileged process | apport (Ubuntu) | Undecided | Fix Released | ||
1839795 | PID recycling enables an unprivileged user to generate and read a crash report for a privileged process | Apport | Critical | Fix Released |
See the
CVE page on Mitre.org
for more details.