Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-5054 PoC — Canonical Apport 安全漏洞

Source
https://github.com/daryllundy/cve-2025-5054
Associated Vulnerability
Title:Canonical Apport 安全漏洞 (CVE-2025-5054)
Description:Canonical Apport是英国科能软件(Canonical)公司的一款用于收集并反馈错误信息(当应用程序崩溃时操作系统认为有用的信息)的工具包。 Canonical Apport 2.32.0及之前版本存在安全漏洞,该漏洞源于竞争条件,可能导致敏感信息泄露。
Readme
# CVE-2025-5054 Vulnerability Detection Tool

A Python tool to check if your Ubuntu system is vulnerable to [CVE-2025-5054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5054), a race condition in Apport that allows local information disclosure. This tool performs a series of checks to determine your system's status and provides recommendations if you are affected.

---

## Features

- Detects if the system is running Ubuntu and extracts version information
- Checks if Apport is installed and determines its version
- Determines if the installed Apport version is vulnerable (≤ 2.32.0)
- Checks if Apport is configured as the core dump handler
- Verifies mitigation settings (e.g., suid_dumpable)
- Looks for common attack vectors (e.g., SUID/SGID unix_chkpwd)
- Provides a clear summary and actionable recommendations

---

## Requirements

- Python 3.12 or higher
- No external dependencies

---

## Installation

1. **Clone the repository:**

   ```bash
   git clone https://github.com/daryllundy/cve-2025-5054
   cd cve-2025-5054
   ```
2. **Create and activate a virtual environment using [uv](https://github.com/astral-sh/uv):**

   ```bash
   uv venv
   source .venv/bin/activate
   ```
---

## Usage

> **For best results, run as root (sudo) to allow all checks to complete.**

```bash
uv run cve_2025_5054_detector.py
```

Sample output:

```
============================================================
CVE-2025-5054 Vulnerability Detection Tool
============================================================

[*] Checking operating system...
[*] Checking if Apport is installed...
[*] Checking Apport version...
[*] Checking core dump configuration...
[*] Checking suid_dumpable setting...
[*] Checking for unix_chkpwd...

============================================================
DETECTION RESULTS
============================================================
[OS Check] INFO: Ubuntu 22.04 detected
[Apport Check] INFO: Apport version 2.32.0 installed
[Version Check] VULNERABLE: Version 2.32.0 is vulnerable
[Core Pattern] INFO: Apport is configured as core dump handler
[Mitigation] WARNING: suid_dumpable=1 (default, vulnerable)
[Attack Vector] INFO: unix_chkpwd found at /usr/sbin/unix_chkpwd (not SUID/SGID)

============================================================
SUMMARY
============================================================
[!] YOUR SYSTEM APPEARS TO BE VULNERABLE TO CVE-2025-5054

Recommended actions:
1. Update Apport to the latest version:
   sudo apt update && sudo apt upgrade apport

2. As a temporary mitigation, disable SUID core dumps:
   sudo sysctl fs.suid_dumpable=0
   echo 'fs.suid_dumpable=0' | sudo tee -a /etc/sysctl.conf

3. Consider disabling Apport temporarily if updates are not available:
   sudo systemctl stop apport.service
   sudo systemctl disable apport.service
```

---

## License

This project is licensed under the [MIT License](LICENSE).

---

## Credits

Developed by Daryl Lundy
File Snapshot

 [4.0K]  /data/pocs/ccdf878061046dfb50f8e8eb191b524a2869933a
├── [ 11K]  cve_2025_5054_detector.py
├── [1.0K]  LICENSE
└── [2.9K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.