CVE-2021-3899

HIGH

apport < 2.21.0 - Time-of-check Time-of-use Race Condition

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3899. PoCs published by liumuqing.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2021-3899, leveraging a PID reuse race condition in Apport to achieve local privilege escalation (LPE) by dropping a malicious logrotate configuration file. The exploit involves crashing a process, reoccupying its PID with a root-owned process, and triggering logrotate to execute arbitrary commands as root.

Description

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

Exploits (1)

nomisec WORKING POC 3 stars
by liumuqing · poc
https://github.com/liumuqing/CVE-2021-3899_PoC

This repository contains a functional exploit for CVE-2021-3899, leveraging a PID reuse race condition in Apport to achieve local privilege escalation (LPE) by dropping a malicious logrotate configuration file. The exploit involves crashing a process, reoccupying its PID with a root-owned process, and triggering logrotate to execute arbitrary commands as root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Complex
Reliability
Racy
Target: Apport (<= 2.20.11-0ubuntu27.10)
Auth required
Prerequisites: Older version of Apport installed · Sudo configuration allowing passwordless ping execution as root · PID rollback preparation
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory vendor-advisory
https://ubuntu.com/security/notices/USN-5427-1
Third Party Advisory issue-tracking
https://www.cve.org/CVERecord?id=CVE-2021-3899

Scores

CVSS v3 7.8
EPSS 0.0038
EPSS Percentile 30.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-367
Status published
Products (5)
canonical/apport < 2.21.0
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
canonical/ubuntu_linux 21.10
canonical/ubuntu_linux 22.04
Published Jun 03, 2024
Tracked Since Feb 18, 2026