Showing 1 - 3 of 3

CVE-2019-7307

Status Candidate

Overview

Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.

Related Files

Ubuntu Apport / Whoopsie DoS / Integer Overflow: Posted Jun 12, 2023; Authored by GitHub Security Lab; Five proof of concept exploits that encompass integer overflow and denial of service conditions in Ubuntu's Apport and Whoopsie components.; tags | exploit, denial of service, overflow, proof of concept; systems | linux, ubuntu; advisories | CVE-2019-11476, CVE-2019-11481, CVE-2019-11484, CVE-2019-15790, CVE-2019-7307; SHA-256 | 04883ffd913b86aa2c8a13bf6757fef0b0d4525b563200cbd5563f587cdfc221; Download | Favorite | View

Ubuntu Security Notice USN-4051-2: Posted Jul 9, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4051-2 - USN-4051-1 fixed a vulnerability in apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report. Various other issues were also addressed.; tags | advisory, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2019-7307; SHA-256 | b118b73a3e70bc75b2761814734a137b7fc3d5482fda00d698c2f0483d75154f; Download | Favorite | View

Ubuntu Security Notice USN-4051-1: Posted Jul 9, 2019; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 4051-1 - Kevin Backhouse discovered a race-condition when reading the user's local Apport configuration. This could be used by a local attacker to cause Apport to include arbitrary files in a resulting crash report.; tags | advisory, arbitrary, local; systems | linux, ubuntu; advisories | CVE-2019-7307; SHA-256 | d330a041cc9d074219ac46e063d908460812f0c7b37bbe6dca395bc146806de0; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 293 files
Ubuntu 64 files
Debian 22 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,175)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,140)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,480)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,022)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2019-7307

Overview

Related Files

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems