{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "state": "PUBLISHED", "cveId": "CVE-2019-15790", "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "dateUpdated": "2025-11-03T19:25:26.757Z", "dateReserved": "2019-08-29T00:00:00.000Z", "datePublished": "2020-04-27T23:25:19.961Z" }, "containers": { "cna": { "title": "Apport reads PID files with elevated privileges", "datePublic": "2019-10-30T00:00:00.000Z", "providerMetadata": { "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2023-06-12T00:00:00.000Z" }, "descriptions": [ { "lang": "en", "value": "Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3." } ], "affected": [ { "vendor": "Canonical", "product": "Apport", "versions": [ { "version": "2.14.1", "status": "affected", "lessThan": "2.14.1-0ubuntu3.29+esm3", "versionType": "custom" }, { "version": "2.20.1", "status": "affected", "lessThan": "2.20.1-0ubuntu2.22", "versionType": "custom" }, { "version": "2.20.9", "status": "affected", "lessThan": "2.20.9-0ubuntu7.12", "versionType": "custom" }, { "version": "2.20.11", "status": "affected", "lessThan": "2.20.11-0ubuntu8.6", "versionType": "custom", "changes": [ { "at": "2.20.11-0ubuntu16", "status": "unaffected" } ] } ] } ], "references": [ { "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795" }, { "url": "https://usn.ubuntu.com/4171-1/" }, { "url": "https://usn.ubuntu.com/4171-2/" }, { "url": "https://usn.ubuntu.com/4171-3/" }, { "url": "https://usn.ubuntu.com/4171-4/" }, { "url": "https://usn.ubuntu.com/4171-5/" }, { "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929" }, { "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806" }, { "url": "https://bugs.launchpad.net/apport/+bug/1854237" }, { "url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html" } ], "credits": [ { "lang": "en", "value": "Kevin Backhouse" } ], "metrics": [ { "cvssV3_1": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW" } } ], "problemTypes": [ { "descriptions": [ { "type": "CWE", "lang": "en", "description": "CWE-250 Execution with Unnecessary Privileges", "cweId": "CWE-250" } ] } ], "x_generator": { "engine": "Vulnogram 0.0.9" }, "source": { "advisory": "https://usn.ubuntu.com/4171-1/", "defect": [ "https://launchpad.net/bugs/1839795" ], "discovery": "EXTERNAL" } }, "adp": [ { "title": "CVE Program Container", "references": [ { "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1839795", "tags": [ "x_transferred" ] }, { "url": "https://usn.ubuntu.com/4171-1/", "tags": [ "x_transferred" ] }, { "url": "https://usn.ubuntu.com/4171-2/", "tags": [ "x_transferred" ] }, { "url": "https://usn.ubuntu.com/4171-3/", "tags": [ "x_transferred" ] }, { "url": "https://usn.ubuntu.com/4171-4/", "tags": [ "x_transferred" ] }, { "url": "https://usn.ubuntu.com/4171-5/", "tags": [ "x_transferred" ] }, { "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1850929", "tags": [ "x_transferred" ] }, { "url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1851806", "tags": [ "x_transferred" ] }, { "url": "https://bugs.launchpad.net/apport/+bug/1854237", "tags": [ "x_transferred" ] }, { "url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html", "tags": [ "x_transferred" ] }, { "url": "http://seclists.org/fulldisclosure/2025/Jun/9" } ], "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:25:26.757Z" } } ] } }