Ubuntu regression update for Apport

Published: 2020-03-18

Risk	Low
Patch available	YES
Number of vulnerabilities	5
CVE-ID	CVE-2019-11481 CVE-2019-11482 CVE-2019-11483 CVE-2019-11485 CVE-2019-15790
CWE-ID	CWE-264 CWE-362 CWE-61 CWE-399
Exploitation vector	Local
Public exploit	N/A
Vulnerable software Subscribe	apport (Ubuntu package) Operating systems & Components / Operating system package or component
Vendor	Canonical Ltd.

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU22529

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11481

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due Apport reads user-controlled settings files with root privileges. A local user can create a specially crafted settings file and force the application to read it. This could lead to application crash.

Mitigation

Update the affected packages.

Ubuntu 19.10: apport - 2.20.11-0ubuntu8.6; python-apport - 2.20.11-0ubuntu8.6; python3-apport - 2.20.11-0ubuntu8.6
Ubuntu 18.04 LTS: apport - 2.20.9-0ubuntu7.12; python-apport - 2.20.9-0ubuntu7.12; python3-apport - 2.20.9-0ubuntu7.12
Ubuntu 16.04 LTS: apport - 2.20.1-0ubuntu2.22; python-apport - 2.20.1-0ubuntu2.22; python3-apport - 2.20.1-0ubuntu2.22

Vulnerable software versions

apport (Ubuntu package): 2.20.1-0ubuntu2.1 - 2.20.11-0ubuntu8.5

External links

http://usn.ubuntu.com/4171-5/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU22530

Risk: Low

CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11482

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition. A local user can force the Apport application to generate a crash report for a privileged process and make it readable to an unprivileged user.

Mitigation

Update the affected packages.

Ubuntu 19.10: apport - 2.20.11-0ubuntu8.6; python-apport - 2.20.11-0ubuntu8.6; python3-apport - 2.20.11-0ubuntu8.6
Ubuntu 18.04 LTS: apport - 2.20.9-0ubuntu7.12; python-apport - 2.20.9-0ubuntu7.12; python3-apport - 2.20.9-0ubuntu7.12
Ubuntu 16.04 LTS: apport - 2.20.1-0ubuntu2.22; python-apport - 2.20.1-0ubuntu2.22; python3-apport - 2.20.1-0ubuntu2.22

Vulnerable software versions

apport (Ubuntu package): 2.20.1-0ubuntu2.1 - 2.20.11-0ubuntu8.5

External links

http://usn.ubuntu.com/4171-5/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) UNIX symbolic link following

EUVDB-ID: #VU22531

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11483

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to the Apport mishandles crash dumps originating from containers. A local user can trigger a crush dump for a controlled container and force the Apport to generate a report for a privileged process.

Mitigation

Update the affected packages.

Ubuntu 19.10: apport - 2.20.11-0ubuntu8.6; python-apport - 2.20.11-0ubuntu8.6; python3-apport - 2.20.11-0ubuntu8.6
Ubuntu 18.04 LTS: apport - 2.20.9-0ubuntu7.12; python-apport - 2.20.9-0ubuntu7.12; python3-apport - 2.20.9-0ubuntu7.12
Ubuntu 16.04 LTS: apport - 2.20.1-0ubuntu2.22; python-apport - 2.20.1-0ubuntu2.22; python3-apport - 2.20.1-0ubuntu2.22

Vulnerable software versions

apport (Ubuntu package): 2.20.1-0ubuntu2.1 - 2.20.11-0ubuntu8.5

External links

http://usn.ubuntu.com/4171-5/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU22532

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11485

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to Apport mishandled lock-file creation. A local user can crash the Apport service.

Mitigation

Update the affected packages.

Ubuntu 19.10: apport - 2.20.11-0ubuntu8.6; python-apport - 2.20.11-0ubuntu8.6; python3-apport - 2.20.11-0ubuntu8.6
Ubuntu 18.04 LTS: apport - 2.20.9-0ubuntu7.12; python-apport - 2.20.9-0ubuntu7.12; python3-apport - 2.20.9-0ubuntu7.12
Ubuntu 16.04 LTS: apport - 2.20.1-0ubuntu2.22; python-apport - 2.20.1-0ubuntu2.22; python3-apport - 2.20.1-0ubuntu2.22

Vulnerable software versions

apport (Ubuntu package): 2.20.1-0ubuntu2.1 - 2.20.11-0ubuntu8.5

External links

http://usn.ubuntu.com/4171-5/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU22533

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-15790

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to Apport reads various process-specific files with elevated privileges during crash dump generation. A local user can force the application to generate a crash report for a privileged process and gain access to sensitive information.

Mitigation

Update the affected packages.

Ubuntu 19.10: apport - 2.20.11-0ubuntu8.6; python-apport - 2.20.11-0ubuntu8.6; python3-apport - 2.20.11-0ubuntu8.6
Ubuntu 18.04 LTS: apport - 2.20.9-0ubuntu7.12; python-apport - 2.20.9-0ubuntu7.12; python3-apport - 2.20.9-0ubuntu7.12
Ubuntu 16.04 LTS: apport - 2.20.1-0ubuntu2.22; python-apport - 2.20.1-0ubuntu2.22; python3-apport - 2.20.1-0ubuntu2.22

Vulnerable software versions

apport (Ubuntu package): 2.20.1-0ubuntu2.1 - 2.20.11-0ubuntu8.5

External links

http://usn.ubuntu.com/4171-5/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.