Untriaged
CVE-2023-1326
7.7 HIGH
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
local privilege escalation in apport-cli
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set, a local attacker can escalate privileges. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
References
- https://ubuntu.com/security/notices/USN-6018-1 vendor-advisory
- https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c4… patch
Affected products
apport
- =<2.26.0
Matching in nixpkgs
pkgs.haskellPackages.apportionment
Round a set of numbers while maintaining its sum
- nixos-unstable -
- nixpkgs-unstable 0.0.0.4
Package maintainers
- @thielema Henning Thielemann <nix@henning-thielemann.de>