TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Apport | Canonical | 2.20.11-0ubuntu8 (including) | 2.20.11-0ubuntu8 (including) |
Apport | Canonical | 2.20.11-0ubuntu9 (including) | 2.20.11-0ubuntu9 (including) |
Apport | Canonical | 2.20.11-0ubuntu10 (including) | 2.20.11-0ubuntu10 (including) |
Apport | Canonical | 2.20.11-0ubuntu11 (including) | 2.20.11-0ubuntu11 (including) |
Apport | Canonical | 2.20.11-0ubuntu12 (including) | 2.20.11-0ubuntu12 (including) |
Apport | Canonical | 2.20.11-0ubuntu13 (including) | 2.20.11-0ubuntu13 (including) |
Apport | Canonical | 2.20.11-0ubuntu14 (including) | 2.20.11-0ubuntu14 (including) |
Apport | Canonical | 2.20.11-0ubuntu15 (including) | 2.20.11-0ubuntu15 (including) |
Apport | Canonical | 2.20.11-0ubuntu16 (including) | 2.20.11-0ubuntu16 (including) |
Apport | Canonical | 2.20.11-0ubuntu17 (including) | 2.20.11-0ubuntu17 (including) |
Apport | Canonical | 2.20.11-0ubuntu18 (including) | 2.20.11-0ubuntu18 (including) |
Apport | Canonical | 2.20.11-0ubuntu19 (including) | 2.20.11-0ubuntu19 (including) |
Apport | Canonical | 2.20.11-0ubuntu20 (including) | 2.20.11-0ubuntu20 (including) |
Apport | Canonical | 2.20.11-0ubuntu21 (including) | 2.20.11-0ubuntu21 (including) |
Apport | Canonical | 2.20.11-0ubuntu22 (including) | 2.20.11-0ubuntu22 (including) |
Apport | Canonical | 2.20.11-0ubuntu23 (including) | 2.20.11-0ubuntu23 (including) |
Apport | Canonical | 2.20.11-0ubuntu24 (including) | 2.20.11-0ubuntu24 (including) |
Apport | Canonical | 2.20.11-0ubuntu25 (including) | 2.20.11-0ubuntu25 (including) |
Apport | Canonical | 2.20.11-0ubuntu26 (including) | 2.20.11-0ubuntu26 (including) |
Apport | Canonical | 2.20.11-0ubuntu27 (including) | 2.20.11-0ubuntu27 (including) |
Apport | Canonical | 2.20.11-0ubuntu27.2 (including) | 2.20.11-0ubuntu27.2 (including) |
Apport | Canonical | 2.20.11-0ubuntu27.3 (including) | 2.20.11-0ubuntu27.3 (including) |
Apport | Canonical | 2.20.11-0ubuntu27.4 (including) | 2.20.11-0ubuntu27.4 (including) |
Apport | Canonical | 2.20.11-0ubuntu27.5 (including) | 2.20.11-0ubuntu27.5 (including) |
Apport | Ubuntu | bionic | * |
Apport | Ubuntu | devel | * |
Apport | Ubuntu | eoan | * |
Apport | Ubuntu | focal | * |
Apport | Ubuntu | trusty | * |
Apport | Ubuntu | trusty/esm | * |
Apport | Ubuntu | xenial | * |