Sander Bos

**Nome do software vulnerável e versões afetadas: CISOfy Lynis, versões 2.x a 2.7.5 Descrição: A vulnerabilidade permite que um invasor obtenha a chave de licença ao examinar a lista de processos durante um upload de dados. Essa chave de licença pode então ser usada para enviar dados a um servidor Lynis central, possibilitando potencialmente o upload de dados de varredura adicionais. No entanto, ressalta-se que o conhecimento da chave de licença não permite a extração de dados. Recomendações: Para as versões 2.x a 2.7.5 do CISOfy Lynis, considere restringir o acesso à lista de processos durante o upload de dados para minimizar o risco de a chave de licença ser obtida. Como solução temporária, restrinja a capacidade de enviar dados para o servidor central do Lynis até que uma correção esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Byobu (versões afetadas não especificadas) **Descrição** O gancho Apport do Byobu pode divulgar informações confidenciais. Ele envia automaticamente o arquivo .screenrc do usuário local, que pode conter nomes de host, nomes de usuário e senhas privados. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** eXtplorer (versões afetadas não especificadas) **Descrição** A vulnerabilidade permite que os diretórios do sistema /usr/ e /etc/extplorer/ fiquem acessíveis a qualquer pessoa via HTTP, o que pode levar ao vazamento de dados, à divulgação de informações e à execução remota de código no servidor web. Isso se deve a alterações introduzidas nos arquivos de patch Makefile debian/patches/debian-changes-2.1.0b6+dfsg-1 ou debian/patches/adds-a-makefile.patch. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Apport (affected versions not specified) **Description** The issue is related to Apport's lock file being in a world-writable directory, allowing all users to prevent crash handling. This can lead to a denial of service. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apport (affected versions not specified) **Description** The issue is related to Apport's handling of crash dumps from containers, which could allow a local attacker to generate a crash report for a privileged process that is readable by an unprivileged user. This is due to insufficient access control in the error logging service, potentially enabling an attacker to create a publicly accessible report for a privileged process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** apport (affected versions not specified) **Description** A time of check to time of use (TOCTTOU) vulnerability was discovered in apport, allowing a user to cause core files to be written in arbitrary directories. The issue is related to synchronization errors when using a shared resource, which can be exploited to create a public crash report for a privileged process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** base-files package in Ubuntu versions 18.04 before 10.1ubuntu2.2 base-files package in Ubuntu versions 18.10 before 10.1ubuntu6 **Description** The MOTD update script in the base-files package incorrectly handled temporary files. A local attacker could use this issue to cause a denial of service, or possibly escalate privileges if kernel symlink restrictions were disabled. **Recommendations** For Ubuntu 18.04 before 10.1ubuntu2.2, update to version 10.1ubuntu2.2 or later to resolve the issue. For Ubuntu 18.10 before 10.1ubuntu6, update to version 10.1ubuntu6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apport versions 2.14.1-0ubuntu3.28 Apport versions 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17 Apport versions 2.20.7-0ubuntu3.7 Apport versions 2.20.7-0ubuntu3.8 Apport versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7 **Description** The issue allows local users to create certain files as root, potentially leading to denial of service via resource exhaustion, gaining root privileges, or escaping from containers. This is due to the `is same ns()` function returning True when `/proc/<global pid>/` does not exist, indicating the crash should be handled in the global namespace rather than inside a container. However, the portion of the data/apport code that decides whether to forward a crash to a container does not always replace `sys.argv[1]` with the value stored in the `host pid` variable when `/proc/<global pid>/` does not exist, resulting in the container pid being used in the global namespace. **Recommendations** For Apport versions 2.14.1-0ubuntu3.28, update to a version that fixes the issue. For Apport versions 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, update to a version that fixes the issue. For Apport versions 2.20.7-0ubuntu3.7, update to a version that fixes the issue. For Apport versions 2.20.7-0ubuntu3.8, update to a version that fixes the issue. For Apport versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, update to a version that fixes the issue.

Name of the Vulnerable Software and Affected Versions: Apport versions prior to 2.13 Description: The issue is related to uncontrolled resource consumption in the Apport error reporting software in the Ubuntu operating system. Exploitation of this issue could allow an attacker to cause a denial of service, escape from Linux Containers (LXC), or gain root privileges by leveraging files that Apport can create as root in the event of a crash. This can be achieved by local users creating certain files as root, which can then be used to perform malicious actions. Recommendations: For Apport versions prior to 2.13, update to version 2.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of Apport to minimize the risk of exploitation. Avoid using Apport in environments where it can be exploited by local users until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Apport versions 2.13 through 2.20.7 Description: The issue is related to Apport's handling of crashes from a PID namespace, allowing local users to create files as root. This could be exploited to cause a denial of service via resource exhaustion or potentially gain root privileges. The vulnerability is associated with uncontrolled resource consumption and can be exploited to cause a denial of service or gain root privileges using files created by Apport as root in the event of a crash. Recommendations: For Apport versions 2.13 through 2.20.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Apport versions prior to 2.20.8 Description: The issue is related to Apport's handling of core dumps from setuid binaries, allowing local users to create certain files as root. This could be leveraged by an attacker to perform a denial of service via resource exhaustion or possibly gain root privileges. The vulnerability is a result of an incomplete fix for a previous issue. Recommendations: For Apport versions prior to 2.20.8, update to version 2.20.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of setuid binaries to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pulp versions prior to 2.8.5 **Description** The issue allows local users to obtain the CA key due to a problem in the pulp-qpid-ssl-cfg script. **Recommendations** For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pulp versions prior to 2.8.3 **Description** The issue allows local users to leak keys or write to arbitrary files via a symlink attack, specifically targeting the pulp-gen-nodes-certificate script in Pulp. **Recommendations** For versions prior to 2.8.3, update to version 2.8.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pulp versions prior to 2.8.3 **Description** The issue arises from the insecure creation of a temporary directory during CA key generation. **Recommendations** For versions prior to 2.8.3, update to version 2.8.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apport versions prior to 2.17.2-0ubuntu1.1 Apport versions prior to 2.14.70ubuntu8.5 Apport versions prior to 2.14.1-0ubuntu3.11 Apport versions prior to 2.0.1-0ubuntu17.9 **Description** The issue is related to insufficient access control in the Apport service of the Ubuntu operating system. It can be exploited by a local attacker to gain root privileges and modify arbitrary files due to incorrect handling of permissions when creating core dumps for setuid binaries. **Recommendations** For Apport version prior to 2.17.2-0ubuntu1.1, update to version 2.17.2-0ubuntu1.1 or later. For Apport version prior to 2.14.70ubuntu8.5, update to version 2.14.70ubuntu8.5 or later. For Apport version prior to 2.14.1-0ubuntu3.11, update to version 2.14.1-0ubuntu3.11 or later. For Apport version prior to 2.0.1-0ubuntu17.9, update to version 2.0.1-0ubuntu17.9 or later.