CVE-2019-11482

Published: Feb 8, 2020Modified: Nov 21, 2024

4.7

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.0 / Impact: 3.6

Source: NVD

Description

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

Affected (6)

Products: Canonical: Ubuntu Linux · Apport Project: Apport

1 product

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04
Canonical Ubuntu Linux	Version 19.10

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apport Project Apport	All versions

Related CWEs

Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

References (4)

https://usn.ubuntu.com/usn/usn-4171-1

Source: security@ubuntu.com

Third Party Advisory

https://usn.ubuntu.com/usn/usn-4171-2

Source: security@ubuntu.com

Third Party Advisory

https://usn.ubuntu.com/usn/usn-4171-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/usn/usn-4171-2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.