Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TOCTOU in apport
Vulnerability Description
TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
Apport 竞争条件问题漏洞
Vulnerability Description
Apport是一款用于收集并反馈错误信息(当应用程序崩溃时操作系统认为有用的信息)的工具包。 Apport中存在竞争条件问题漏洞。本地攻击者可利用该漏洞提升权限并执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A