CVE-2019-11482

MEDIUM

Ubuntu Linux - Time-of-check Time-of-use Race Condition in Apport Core File Handling

Title source: llm
STIX 2.1

Description

Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://usn.ubuntu.com/usn/usn-4171-1
Third Party Advisory x_refsource_misc
https://usn.ubuntu.com/usn/usn-4171-2

Scores

CVSS v3 4.2
EPSS 0.0009
EPSS Percentile 24.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L

Details

CWE
CWE-367
Status published
Products (6)
apport_project/apport
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.04
canonical/ubuntu_linux 19.10
Published Feb 08, 2020
Tracked Since Feb 18, 2026