3.3

CVE-2019-15790

Exploit

Apport reads PID files with elevated privileges

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apport ProjectApport Version-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
CanonicalUbuntu Linux Version19.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.15
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
security@ubuntu.com 2.8 1.1 1.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://bugs.launchpad.net/apport/+bug/1854237
Third Party Advisory
Issue Tracking
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795
Third Party Advisory
Exploit
Issue Tracking
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929
Patch
Third Party Advisory
Exploit
Issue Tracking
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806
Third Party Advisory
Exploit
Issue Tracking
https://usn.ubuntu.com/4171-1/
Third Party Advisory
https://usn.ubuntu.com/4171-2/
Third Party Advisory
https://usn.ubuntu.com/4171-3/
Third Party Advisory
https://usn.ubuntu.com/4171-4/
Third Party Advisory
https://usn.ubuntu.com/4171-5/
Third Party Advisory