CVE-2019-11481

Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*

History

12 Jun 2023, 07:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html -

Information

Published : 2020-02-08 05:15

Updated : 2024-02-28 17:28


NVD link : CVE-2019-11481

Mitre link : CVE-2019-11481

CVE.ORG link : CVE-2019-11481


JSON object : View

Products Affected

canonical

  • ubuntu_linux

apport_project

  • apport
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')