Vulnerability Details : CVE-2019-15790
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid, and a failure with Python 2 compatibility when reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3.
Vulnerability category: Memory Corruption
Products affected by CVE-2019-15790
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-15790
- EPSS score: 0.10% (probability of exploitation activity in the next 30 days)
- Percentile: ~ 40 % (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-15790
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 | NIST | |
2.8 | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N | 1.1 | 1.4 | Canonical Ltd. | |
CWE ids for CVE-2019-15790
- The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. Assigned by: security@ubuntu.com (Secondary)
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-15790
- https://usn.ubuntu.com/4171-4/
  USN-4171-4: Apport regression | Ubuntu security notices (Third Party Advisory)
- https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929
  Bug #1850929 “python3-apport regression: missing argument in Rep...” : Bugs : apport package : Ubuntu (Exploit; Issue Tracking; Patch; Third Party Advisory)
- http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html
  Ubuntu Apport / Whoopsie DoS / Integer Overflow ≈ Packet Storm
- https://bugs.launchpad.net/apport/+bug/1854237
  Bug #1854237 “autopkgtests fail after security fixes” : Bugs : Apport (Issue Tracking; Third Party Advisory)
- https://usn.ubuntu.com/4171-3/
  USN-4171-3: Apport regression | Ubuntu security notices (Third Party Advisory)
- https://usn.ubuntu.com/4171-2/
  USN-4171-2: Apport vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://usn.ubuntu.com/4171-5/
  USN-4171-5: Apport regression | Ubuntu security notices (Third Party Advisory)
- https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795
  Bug #1839795 “PID recycling enables an unprivileged user to gene...” : Bugs : apport package : Ubuntu (Exploit; Issue Tracking; Third Party Advisory)
- https://usn.ubuntu.com/4171-1/
  USN-4171-1: Apport vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806
  Bug #1851806 “'module' object has no attribute 'O_PATH'” : Bugs : apport package : Ubuntu (Exploit; Issue Tracking; Third Party Advisory)