A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
Weakness
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Apport | Canonical | * | 2.26.0 (including) |
| Apport | Ubuntu | bionic | * |
| Apport | Ubuntu | devel | * |
| Apport | Ubuntu | esm-infra/bionic | * |
| Apport | Ubuntu | esm-infra/focal | * |
| Apport | Ubuntu | focal | * |
| Apport | Ubuntu | jammy | * |
| Apport | Ubuntu | kinetic | * |
| Apport | Ubuntu | lunar | * |
| Apport | Ubuntu | trusty | * |
| Apport | Ubuntu | upstream | * |
| Apport | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/122.html
- https://cwe.mitre.org/data/definitions/233.html
- https://cwe.mitre.org/data/definitions/58.html