There is a race condition in the replaced executable detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.
Weakness
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Apport | Canonical | * | 2.21.0 (excluding) |
| Apport | Ubuntu | bionic | * |
| Apport | Ubuntu | devel | * |
| Apport | Ubuntu | esm-infra-legacy/trusty | * |
| Apport | Ubuntu | esm-infra/bionic | * |
| Apport | Ubuntu | esm-infra/focal | * |
| Apport | Ubuntu | esm-infra/xenial | * |
| Apport | Ubuntu | focal | * |
| Apport | Ubuntu | hirsute | * |
| Apport | Ubuntu | impish | * |
| Apport | Ubuntu | jammy | * |
| Apport | Ubuntu | kinetic | * |
| Apport | Ubuntu | lunar | * |
| Apport | Ubuntu | mantic | * |
| Apport | Ubuntu | noble | * |
| Apport | Ubuntu | oracular | * |
| Apport | Ubuntu | plucky | * |
| Apport | Ubuntu | questing | * |
| Apport | Ubuntu | trusty/esm | * |
| Apport | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
References
- https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376
- https://ubuntu.com/security/notices/USN-5427-1
- https://www.cve.org/CVERecord?id=CVE-2021-3899
- https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376
- https://ubuntu.com/security/notices/USN-5427-1
- https://www.cve.org/CVERecord?id=CVE-2021-3899