Plattform
linux
Komponente
apport
Behoben in
2.14.1-0ubuntu3.29+esm2
2.20.1-0ubuntu2.20
2.20.9-0ubuntu7.8
2.20.11-0ubuntu8.1
CVE-2019-11485 is a vulnerability in Apport, a crash reporting system for Ubuntu. This flaw allows any user on the system to prevent crash handling by manipulating a world-writable lock file, potentially concealing system errors and hindering debugging efforts. The vulnerability impacts Apport versions 2.14.1 through 2.20.11-0ubuntu8.1, and a fix is available in version 2.20.11-0ubuntu8.1.
The primary impact of CVE-2019-11485 is the ability for a malicious or even an unaware user to suppress crash reports. This can lead to a lack of visibility into system instability and prevent developers from identifying and fixing underlying issues. While not directly exploitable for remote code execution, the ability to hide crashes can significantly complicate troubleshooting and potentially mask more serious problems. Attackers could leverage this to obscure their activities or prevent system administrators from detecting anomalies. The blast radius is limited to the affected system, but the consequences of undetected crashes can be far-reaching.
CVE-2019-11485 was publicly disclosed on February 8, 2020. There is no indication of active exploitation or inclusion in the CISA KEV catalog. Public proof-of-concept code is not widely available, suggesting a relatively low probability of exploitation in the wild. The vulnerability's impact is primarily related to operational visibility rather than direct system compromise.
Systems administrators and developers using Ubuntu distributions with vulnerable Apport versions are at risk. Shared hosting environments where multiple users have access to the system are particularly vulnerable, as a malicious user could potentially prevent crash reporting for other users or the entire system. Legacy systems running older Ubuntu releases are also at increased risk.
• linux / server:
find /var/crash -type f -perm -002 -print• linux / server:
journalctl -u apport | grep "lock file"• linux / server:
ls -l /var/crash/apport/apport.lockdisclosure
Exploit-Status
EPSS
0.09% (26% Perzentil)
CVSS-Vektor
The recommended mitigation for CVE-2019-11485 is to upgrade Apport to version 2.20.11-0ubuntu8.1 or later. If an immediate upgrade is not possible due to compatibility concerns or system downtime constraints, consider restricting write access to the Apport lock file. This can be achieved by modifying file permissions using chmod to ensure only the Apport process has write access. While not a complete fix, this can prevent unauthorized modification of the lock file. After upgrading, verify the fix by attempting to trigger a crash and confirming that the crash report is generated and handled correctly.
Actualice el paquete apport a la versión corregida proporcionada por Ubuntu. Esto solucionará la vulnerabilidad que permitía a usuarios locales evitar el manejo de fallos del sistema.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2019-11485 is a vulnerability in Apport, Ubuntu's crash reporting system, allowing users to prevent crash handling by manipulating a world-writable lock file. It's rated as LOW severity.
You are affected if you are running Apport versions 2.14.1–2.20.11-0ubuntu8.1. Check your version and upgrade if necessary.
Upgrade Apport to version 2.20.11-0ubuntu8.1 or later. As a temporary workaround, restrict write access to the Apport lock file using chmod.
There is no evidence of active exploitation of CVE-2019-11485 in the wild at this time.
Refer to the Ubuntu Security Notices for CVE-2019-11485: https://ubuntu.com/security/notices/2881384
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.