CVE-2019-7307— Apport contains a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml

Apport contains a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml

Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the users ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user either by causing it to be uploaded and reported to Launchpad, or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.

N/A

检查时间与使用时间(TOCTOU)的竞争条件

Apport 竞争条件问题漏洞

Apport是一款用于收集并反馈错误信息（当应用程序崩溃时操作系统认为有用的信息）的工具包。 Apport中存在竞争条件问题漏洞。攻击者可利用该漏洞获取崩溃报告中的敏感信息。

N/A

N/A