SB2022051834 - Ubuntu update for apport 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022051834

SB2022051834 - Ubuntu update for apport

Published: May 18, 2022 Updated: September 13, 2022

Security Bulletin ID SB2022051834
Severity
Low
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Race condition (CVE-ID: CVE-2021-3899)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the replaced executable detection. A local user can exploit the race and execute arbitrary code with root privileges.


2) Security features bypass (CVE-ID: CVE-2022-1242)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect handling of connections to Apport sockets inside containers. A local user can trick apport into connecting to arbitrary sockets as the root user.


3) Resource exhaustion (CVE-ID: CVE-2022-28652)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when reading user settings files. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.


4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-28654)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to not limiting the amount of logging from D-Bus connections. A local user can fill up the Apport log file and cause denial of service.


5) Security features bypass (CVE-ID: CVE-2022-28655)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to apport does not filter D-Bus connection strings. A local user can force apport to initiate arbitrary network connections.


6) Uncontrolled Memory Allocation (CVE-ID: CVE-2022-28656)

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to RAM consumption in the is_closing_session() function in the Apport process. A local user can cause Apport to consume memory and cause a denial of service.


7) Security features bypass (CVE-ID: CVE-2022-28657)

The vulnerability allows a local user to execute arbitrary code with escalated privileges.

The vulnerability exists due to Apport does not disable the python crash handler before chrooting into a container. A local user can bypass implemented security restrictions and execute arbitrary code with escalated privileges.


8) Improper Neutralization of Argument Delimiters in a Command (CVE-ID: CVE-2022-28658)

The vulnerability allows a local user to spoof arguments.

The vulnerability exists due to Apport incorrectly handles filename argument whitespace. A local user can spoof arguments to the Apport daemon.


Remediation

Install update from vendor's website.

References