CVE-2019-11483 - Vulnerability Details - OpenCVE

Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00108.

Key SSVC decision points have not yet been added.

Vendors	Products
Apport Project	Apport
Canonical	Ubuntu Linux

Configuration 1 [-]

cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:19.10:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2019-3156	Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user.
Ubuntu USN	USN-4171-1	Apport vulnerabilities
Ubuntu USN	USN-4171-2	Apport vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://usn.ubuntu.com/usn/usn-4171-1
https://usn.ubuntu.com/usn/usn-4171-2

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2020-02-08T04:50:22.806201Z

Updated: 2024-09-16T18:17:50.401Z

Reserved: 2019-04-23T00:00:00

Link: CVE-2019-11483

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-02-08T05:15:13.290

Modified: 2024-11-21T04:21:10.473

Link: CVE-2019-11483

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "apport", "vendor": "Canonical", "versions": [{"lessThan": "2.14.1-0ubuntu3.29+esm2", "status": "affected", "version": "2.14.1", "versionType": "custom"}, {"lessThan": "2.20.1-0ubuntu2.20", "status": "affected", "version": "2.20.1", "versionType": "custom"}, {"lessThan": "2.20.9-0ubuntu7.8", "status": "affected", "version": "2.20.9", "versionType": "custom"}, {"lessThan": "2.20.11-0ubuntu8.1", "status": "affected", "version": "2.20.11", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Sander Bos"}], "datePublic": "2019-10-29T00:00:00", "descriptions": [{"lang": "en", "value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Read user data with administrator privileges", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-08T04:50:22", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://usn.ubuntu.com/usn/usn-4171-1"}, {"tags": ["x_refsource_MISC"], "url": "https://usn.ubuntu.com/usn/usn-4171-2"}], "source": {"advisory": "https://usn.ubuntu.com/usn/usn-4171-1", "defect": ["https://bugs.launchpad.net/apport/+bug/1839413"], "discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2019-10-29T00:00:00.000Z", "ID": "CVE-2019-11483", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "apport", "version": {"version_data": [{"version_affected": "<", "version_name": "2.14.1", "version_value": "2.14.1-0ubuntu3.29+esm2"}, {"version_affected": "<", "version_name": "2.20.1", "version_value": "2.20.1-0ubuntu2.20"}, {"version_affected": "<", "version_name": "2.20.9", "version_value": "2.20.9-0ubuntu7.8"}, {"version_affected": "<", "version_name": "2.20.11", "version_value": "2.20.11-0ubuntu8.1"}]}}]}, "vendor_name": "Canonical"}]}}, "credit": [{"lang": "eng", "value": "Sander Bos"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Read user data with administrator privileges"}]}]}, "references": {"reference_data": [{"name": "https://usn.ubuntu.com/usn/usn-4171-1", "refsource": "MISC", "url": "https://usn.ubuntu.com/usn/usn-4171-1"}, {"name": "https://usn.ubuntu.com/usn/usn-4171-2", "refsource": "MISC", "url": "https://usn.ubuntu.com/usn/usn-4171-2"}]}, "source": {"advisory": "https://usn.ubuntu.com/usn/usn-4171-1", "defect": ["https://bugs.launchpad.net/apport/+bug/1839413"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:55:40.442Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://usn.ubuntu.com/usn/usn-4171-1"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://usn.ubuntu.com/usn/usn-4171-2"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2019-11483", "datePublished": "2020-02-08T04:50:22.806201Z", "dateReserved": "2019-04-23T00:00:00", "dateUpdated": "2024-09-16T18:17:50.401Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*", "matchCriteriaId": "47363193-B4DB-4654-BFAC-373426212337", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sander Bos discovered Apport mishandled crash dumps originating from containers. This could be used by a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user."}, {"lang": "es", "value": "Sander Bos detect\u00f3 que Apport manej\u00f3 inapropiadamente los vertederos accidentales procedentes de contenedores. Esto podr\u00eda ser utilizado por un atacante local para generar un reporte de bloqueo para un proceso privilegiado que pueda ser le\u00eddo por un usuario no privilegiado."}], "id": "CVE-2019-11483", "lastModified": "2024-11-21T04:21:10.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 5.3, "source": "security@ubuntu.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-08T05:15:13.290", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/usn/usn-4171-1"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/usn/usn-4171-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/usn/usn-4171-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/usn/usn-4171-2"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}