Sander Bos discovered a time of check to time of use (TOCTTOU) vulnerability in apport that allowed a user to cause core files to be written in arbitrary directories.
Weakness
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ubuntu_linux | Canonical | 14.04 (including) | 14.04 (including) |
| Ubuntu_linux | Canonical | 16.04 (including) | 16.04 (including) |
| Ubuntu_linux | Canonical | 18.04 (including) | 18.04 (including) |
| Ubuntu_linux | Canonical | 19.04 (including) | 19.04 (including) |
| Ubuntu_linux | Canonical | 19.10 (including) | 19.10 (including) |
| Apport | Ubuntu | bionic | * |
| Apport | Ubuntu | devel | * |
| Apport | Ubuntu | disco | * |
| Apport | Ubuntu | eoan | * |
| Apport | Ubuntu | esm-infra-legacy/trusty | * |
| Apport | Ubuntu | esm-infra/bionic | * |
| Apport | Ubuntu | esm-infra/xenial | * |
| Apport | Ubuntu | trusty | * |
| Apport | Ubuntu | trusty/esm | * |
| Apport | Ubuntu | xenial | * |