{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-15790", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "dateUpdated": "2024-09-16T20:43:33.638Z", "dateReserved": "2019-08-29T00:00:00", "datePublished": "2020-04-27T23:25:19.961303Z"}, "containers": {"cna": {"title": "Apport reads PID files with elevated privileges", "datePublic": "2019-10-30T00:00:00", "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2023-06-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3."}], "affected": [{"vendor": "Canonical", "product": "Apport", "versions": [{"version": "2.14.1", "status": "affected", "lessThan": "2.14.1-0ubuntu3.29+esm3", "versionType": "custom"}, {"version": "2.20.1", "status": "affected", "lessThan": "2.20.1-0ubuntu2.22", "versionType": "custom"}, {"version": "2.20.9", "status": "affected", "lessThan": "2.20.9-0ubuntu7.12", "versionType": "custom"}, {"version": "2.20.11", "status": "affected", "lessThan": "2.20.11-0ubuntu8.6", "versionType": "custom", "changes": [{"at": "2.20.11-0ubuntu16", "status": "unaffected"}]}]}], "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"}, {"url": "https://usn.ubuntu.com/4171-1/"}, {"url": "https://usn.ubuntu.com/4171-2/"}, {"url": "https://usn.ubuntu.com/4171-3/"}, {"url": "https://usn.ubuntu.com/4171-4/"}, {"url": "https://usn.ubuntu.com/4171-5/"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"}, {"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"}, {"url": "https://bugs.launchpad.net/apport/+bug/1854237"}, {"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"}], "credits": [{"lang": "en", "value": "Kevin Backhouse"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-250 Execution with Unnecessary Privileges", "cweId": "CWE-250"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "https://usn.ubuntu.com/4171-1/", "defect": ["https://launchpad.net/bugs/1839795"], "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:56:22.465Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795", "tags": ["x_transferred"]}, {"url": "https://usn.ubuntu.com/4171-1/", "tags": ["x_transferred"]}, {"url": "https://usn.ubuntu.com/4171-2/", "tags": ["x_transferred"]}, {"url": "https://usn.ubuntu.com/4171-3/", "tags": ["x_transferred"]}, {"url": "https://usn.ubuntu.com/4171-4/", "tags": ["x_transferred"]}, {"url": "https://usn.ubuntu.com/4171-5/", "tags": ["x_transferred"]}, {"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929", "tags": ["x_transferred"]}, {"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806", "tags": ["x_transferred"]}, {"url": "https://bugs.launchpad.net/apport/+bug/1854237", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*", "matchCriteriaId": "47363193-B4DB-4654-BFAC-373426212337", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3."}, {"lang": "es", "value": "Apport lee y escribe informaci\u00f3n sobre un proceso bloqueado en /proc/pid con privilegios elevados. Apport determina a qu\u00e9 usuario pertenece el proceso bloqueado leyendo /proc/pid por medio de la funci\u00f3n get_pid_info() en el archivo data/apport. Un usuario no privilegiado podr\u00eda aprovechar esto para leer informaci\u00f3n sobre un proceso de ejecuci\u00f3n privilegiado al explotar el reciclaje PID. Esta informaci\u00f3n podr\u00eda ser usada para obtener compensaciones de ASLR para un proceso con una vulnerabilidad de corrupci\u00f3n de la memoria existente. La correcci\u00f3n inicial introdujo regresiones en la biblioteca Python de Apport debido a la falta de argumento en Report.add_proc_environ en apport/report.py. Tambi\u00e9n caus\u00f3 un fallo de autopkgtest cuando se lee /proc/pid y con la compatibilidad con Python 2 por medio de la lectura de mapas /proc. Las correcciones de regresi\u00f3n iniciales y posteriores est\u00e1n en las versiones 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 y 2.14.1-0ubuntu3.29+esm3."}], "id": "CVE-2019-15790", "lastModified": "2023-06-12T07:15:11.920", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 1.4, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2020-04-28T00:15:12.913", "references": [{"source": "security@ubuntu.com", "url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/apport/+bug/1854237"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929"}, {"source": "security@ubuntu.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4171-1/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4171-2/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4171-3/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4171-4/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4171-5/"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-250"}], "source": "security@ubuntu.com", "type": "Secondary"}]}

{}