CVE-2019-11481

Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
References
Link Resource
https://usn.ubuntu.com/usn/usn-4171-1 Third Party Advisory
https://usn.ubuntu.com/usn/usn-4171-2 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:a:apport_project:apport:-:*:*:*:*:*:*:*

Information

Published : 2020-02-08 05:15

Updated : 2020-02-12 09:21


NVD link : CVE-2019-11481

Mitre link : CVE-2019-11481

Products Affected
CWE