Ubuntu update for apport
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2021-3899 CVE-2022-1242 CVE-2022-28652 CVE-2022-28654 CVE-2022-28655 CVE-2022-28656 CVE-2022-28657 CVE-2022-28658 |
| CWE-ID | CWE-362 CWE-254 CWE-400 CWE-770 CWE-789 CWE-88 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Ubuntu Operating systems & Components / Operating system python3-apport (Ubuntu package) Operating systems & Components / Operating system package or component apport (Ubuntu package) Operating systems & Components / Operating system package or component |
| Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Race condition
EUVDB-ID: #VU63360
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2021-3899
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the replaced executable detection. A local user can exploit the race and execute arbitrary code with root privileges.
MitigationUpdate the affected package apport to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
python3-apport (Ubuntu package): before 2.20.11-0ubuntu82.1
apport (Ubuntu package): before 2.20.11-0ubuntu82.1
External linkshttp://ubuntu.com/security/notices/USN-5427-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Security features bypass
EUVDB-ID: #VU63362
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-1242
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect handling of connections to Apport sockets inside containers. A local user can trick apport into connecting to arbitrary sockets as the root user.
MitigationUpdate the affected package apport to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
python3-apport (Ubuntu package): before 2.20.11-0ubuntu82.1
apport (Ubuntu package): before 2.20.11-0ubuntu82.1
External linkshttp://ubuntu.com/security/notices/USN-5427-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU63365
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28652
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when reading user settings files. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package apport to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
python3-apport (Ubuntu package): before 2.20.11-0ubuntu82.1
apport (Ubuntu package): before 2.20.11-0ubuntu82.1
External linkshttp://ubuntu.com/security/notices/USN-5427-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Allocation of Resources Without Limits or Throttling
EUVDB-ID: #VU63367
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28654
CWE-ID:
CWE-770 - Allocation of Resources Without Limits or Throttling
Exploit availability: No
DescriptionUpdate the affected package apport to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
python3-apport (Ubuntu package): before 2.20.11-0ubuntu82.1
apport (Ubuntu package): before 2.20.11-0ubuntu82.1
External linkshttp://ubuntu.com/security/notices/USN-5427-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Security features bypass
EUVDB-ID: #VU63368
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28655
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to apport does not filter D-Bus connection strings. A local user can force apport to initiate arbitrary network connections.
MitigationUpdate the affected package apport to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
python3-apport (Ubuntu package): before 2.20.11-0ubuntu82.1
apport (Ubuntu package): before 2.20.11-0ubuntu82.1
External linkshttp://ubuntu.com/security/notices/USN-5427-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Uncontrolled Memory Allocation
EUVDB-ID: #VU63370
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28656
CWE-ID:
CWE-789 - Uncontrolled Memory Allocation
Exploit availability: No
DescriptionUpdate the affected package apport to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
python3-apport (Ubuntu package): before 2.20.11-0ubuntu82.1
apport (Ubuntu package): before 2.20.11-0ubuntu82.1
External linkshttp://ubuntu.com/security/notices/USN-5427-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security features bypass
EUVDB-ID: #VU63371
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28657
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code with escalated privileges.
The vulnerability exists due to Apport does not disable the python crash handler before chrooting into a container. A local user can bypass implemented security restrictions and execute arbitrary code with escalated privileges.
MitigationUpdate the affected package apport to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
python3-apport (Ubuntu package): before 2.20.11-0ubuntu82.1
apport (Ubuntu package): before 2.20.11-0ubuntu82.1
External linkshttp://ubuntu.com/security/notices/USN-5427-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper Neutralization of Argument Delimiters in a Command
EUVDB-ID: #VU63373
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-28658
CWE-ID:
CWE-88 - Argument Injection or Modification
Exploit availability: No
DescriptionThe vulnerability allows a local user to spoof arguments.
The vulnerability exists due to Apport incorrectly handles filename argument whitespace. A local user can spoof arguments to the Apport daemon.
Update the affected package apport to the latest version.
Vulnerable software versionsUbuntu: 18.04 - 22.04
python3-apport (Ubuntu package): before 2.20.11-0ubuntu82.1
apport (Ubuntu package): before 2.20.11-0ubuntu82.1
External linkshttp://ubuntu.com/security/notices/USN-5427-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
