{ "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2018-05-30T18:00:00.000Z", "ID": "CVE-2018-6552", "STATE": "PUBLIC", "TITLE": "Apport treats the container PID as the global PID when /proc// is missing" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apport", "version": { "version_data": [ { "affected": ">=", "platform": "Ubuntu 18.04", "version_value": "2.20.8-0ubuntu4" }, { "affected": "<", "platform": "Ubuntu 18.04", "version_value": "2.20.9-0ubuntu7.1" }, { "affected": ">=", "platform": "Ubuntu 16.04", "version_value": "2.20.1-0ubuntu2.15" }, { "affected": "<", "platform": "Ubuntu 16.04", "version_value": "2.20.1-0ubuntu2.18" }, { "affected": ">=", "platform": "Ubuntu 17.10", "version_value": "2.20.7-0ubuntu3.7" }, { "affected": "<", "platform": "Ubuntu 17.10", "version_value": "2.20.7-0ubuntu3.9" }, { "affected": "=", "platform": "Ubuntu 14.04", "version_value": "2.14.1-0ubuntu3.28" } ] } } ] }, "vendor_name": "n/a" } ] } }, "credit": [ { "lang": "eng", "value": "Sander Bos" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc// does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc// does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of service via resource exhaustion, privilege escalation, and escape from containers" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3664-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/usn/usn-3664-1" }, { "name": "USN-3664-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3664-2/" } ] }, "source": { "advisory": "USN-3664-1", "defect": [ "1746668" ], "discovery": "EXTERNAL" } }