Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Race Condition in Canonical Apport
Vulnerability Description
Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
Canonical Apport 安全漏洞
Vulnerability Description
Canonical Apport是英国科能软件(Canonical)公司的一款用于收集并反馈错误信息(当应用程序崩溃时操作系统认为有用的信息)的工具包。 Canonical Apport 2.32.0及之前版本存在安全漏洞,该漏洞源于竞争条件,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A