Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apport race condition in crash report permissions
Vulnerability Description
Time-of-check Time-of-use Race Condition vulnerability on crash report ownership change in Apport allows for a possible privilege escalation opportunity. If fs.protected_symlinks is disabled, this can be exploited between the os.open and os.chown calls when the Apport cron script clears out crash files of size 0. A symlink with the same name as the deleted file can then be created upon which chown will be called, changing the file owner to root. Fixed in versions 2.20.1-0ubuntu2.23, 2.20.9-0ubuntu7.14, 2.20.11-0ubuntu8.8 and 2.20.11-0ubuntu22.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
Apport 安全漏洞
Vulnerability Description
Apport是一款用于收集并反馈错误信息(当应用程序崩溃时操作系统认为有用的信息)的工具包。 Apport中存在安全漏洞。本地攻击者可通过实施符号链接攻击利用该漏洞读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A