A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
References
Link | Resource |
---|---|
https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb | Patch |
https://ubuntu.com/security/notices/USN-6018-1 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
19 Apr 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (MISC) https://ubuntu.com/security/notices/USN-6018-1 - Vendor Advisory | |
References | (MISC) https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb - Patch | |
First Time |
Canonical
Canonical ubuntu Linux Canonical apport |
18 Apr 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Apr 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-13 23:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-1326
Mitre link : CVE-2023-1326
CVE.ORG link : CVE-2023-1326
JSON object : View
Products Affected
canonical
- apport
- ubuntu_linux
CWE
CWE-269
Improper Privilege Management