Maximilien Bourgeteau

**Name of the Vulnerable Software and Affected Versions** Apport versions prior to 2.20.1-0ubuntu2.23 Apport versions prior to 2.20.9-0ubuntu7.14 Apport versions prior to 2.20.11-0ubuntu8.8 Apport versions prior to 2.20.11-0ubuntu22 **Description** A Time-of-check Time-of-use Race Condition issue exists in Apport related to crash report ownership change. This can potentially allow for privilege escalation if the `fs.protected symlinks` setting is disabled. The vulnerability can be exploited between the `os.open` and `os.chown` calls when the Apport cron script removes crash files of size 0. An attacker can create a symlink with the same name as the deleted file, and then the `chown` call will change the file owner to root. **Recommendations** For Apport version prior to 2.20.1-0ubuntu2.23, update to version 2.20.1-0ubuntu2.23 or later. For Apport version prior to 2.20.9-0ubuntu7.14, update to version 2.20.9-0ubuntu7.14 or later. For Apport version prior to 2.20.11-0ubuntu8.8, update to version 2.20.11-0ubuntu8.8 or later. For Apport version prior to 2.20.11-0ubuntu22, update to version 2.20.11-0ubuntu22 or later.

**Name of the Vulnerable Software and Affected Versions** Apport versions prior to 2.20.1-0ubuntu2.23 Apport versions prior to 2.20.9-0ubuntu7.14 Apport versions prior to 2.20.11-0ubuntu8.8 Apport versions prior to 2.20.11-0ubuntu22 **Description** The issue is related to Apport creating a world-writable lock file with root ownership in the /var/lock/apport directory. If the apport directory does not exist, it will be created. This allows for a symlink attack if an attacker creates a symlink at /var/lock/apport, changing Apport's lock file location. The file could then be used to escalate privileges. **Recommendations** For versions prior to 2.20.1-0ubuntu2.23, update to version 2.20.1-0ubuntu2.23 or later. For versions prior to 2.20.9-0ubuntu7.14, update to version 2.20.9-0ubuntu7.14 or later. For versions prior to 2.20.11-0ubuntu8.8, update to version 2.20.11-0ubuntu8.8 or later. For versions prior to 2.20.11-0ubuntu22, update to version 2.20.11-0ubuntu22 or later. As a temporary workaround, consider restricting access to the /var/lock/apport directory to minimize the risk of exploitation.