CVE-2019-11481
LOWUbuntu Linux Apport - Privilege Escalation via Symbolic Link Attack
Title source: llmDescription
Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
References (3)
Core 3
Core References
Third Party Advisory
https://usn.ubuntu.com/usn/usn-4171-1
Third Party Advisory
https://usn.ubuntu.com/usn/usn-4171-2
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html
Scores
CVSS v3
3.8
EPSS
0.0013
EPSS Percentile
32.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-59
Status
published
Products (6)
apport_project/apport
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
19.04
canonical/ubuntu_linux
19.10
Published
Feb 08, 2020
Tracked Since
Feb 18, 2026