Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2020-02-08T04:50:21.892355Z

Updated: 2024-09-16T23:25:27.956Z

Reserved: 2019-04-23T00:00:00

Link: CVE-2019-11481

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-02-08T05:15:12.527

Modified: 2024-11-21T04:21:10.220

Link: CVE-2019-11481

cve-icon Redhat

No data.