TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. An attacker may exit the crashed process and exploit PID recycling to spawn a root process with the same PID as the crashed process, which can then be used to escalate privileges. Fixed in 2.20.1-0ubuntu2.24, 2.20.9 versions prior to 2.20.9-0ubuntu7.16 and 2.20.11 versions prior to 2.20.11-0ubuntu27.6. Was ZDI-CAN-11234.
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Apport | Canonical | 2.20.11-0ubuntu8 | 2.20.11-0ubuntu8 |
Apport | Canonical | 2.20.11-0ubuntu9 | 2.20.11-0ubuntu9 |
Apport | Canonical | 2.20.11-0ubuntu10 | 2.20.11-0ubuntu10 |
Apport | Canonical | 2.20.11-0ubuntu11 | 2.20.11-0ubuntu11 |
Apport | Canonical | 2.20.11-0ubuntu12 | 2.20.11-0ubuntu12 |
Apport | Canonical | 2.20.11-0ubuntu13 | 2.20.11-0ubuntu13 |
Apport | Canonical | 2.20.11-0ubuntu14 | 2.20.11-0ubuntu14 |
Apport | Canonical | 2.20.11-0ubuntu15 | 2.20.11-0ubuntu15 |
Apport | Canonical | 2.20.11-0ubuntu16 | 2.20.11-0ubuntu16 |
Apport | Canonical | 2.20.11-0ubuntu17 | 2.20.11-0ubuntu17 |
Apport | Canonical | 2.20.11-0ubuntu18 | 2.20.11-0ubuntu18 |
Apport | Canonical | 2.20.11-0ubuntu19 | 2.20.11-0ubuntu19 |
Apport | Canonical | 2.20.11-0ubuntu20 | 2.20.11-0ubuntu20 |
Apport | Canonical | 2.20.11-0ubuntu21 | 2.20.11-0ubuntu21 |
Apport | Canonical | 2.20.11-0ubuntu22 | 2.20.11-0ubuntu22 |
Apport | Canonical | 2.20.11-0ubuntu23 | 2.20.11-0ubuntu23 |
Apport | Canonical | 2.20.11-0ubuntu24 | 2.20.11-0ubuntu24 |
Apport | Canonical | 2.20.11-0ubuntu25 | 2.20.11-0ubuntu25 |
Apport | Canonical | 2.20.11-0ubuntu26 | 2.20.11-0ubuntu26 |
Apport | Canonical | 2.20.11-0ubuntu27 | 2.20.11-0ubuntu27 |
Apport | Canonical | 2.20.11-0ubuntu27.2 | 2.20.11-0ubuntu27.2 |
Apport | Canonical | 2.20.11-0ubuntu27.3 | 2.20.11-0ubuntu27.3 |
Apport | Canonical | 2.20.11-0ubuntu27.4 | 2.20.11-0ubuntu27.4 |
Apport | Canonical | 2.20.11-0ubuntu27.5 | 2.20.11-0ubuntu27.5 |