CVE-2019-15790 : What You Need to Know
Learn about CVE-2019-15790, a vulnerability in Apport that allows unauthorized access to privileged process information. Find out affected versions and mitigation steps.
CVE-2019-15790, assigned by Canonical, relates to a vulnerability in Apport that allows unauthorized access to privileged process information.
Understanding CVE-2019-15790
What is CVE-2019-15790?
Apport, a crash report tool in Ubuntu, improperly reads PID files with elevated privileges, potentially enabling unauthorized users to access sensitive information about running processes.
The Impact of CVE-2019-15790
The vulnerability could be exploited by unprivileged users to gain insights into privileged processes, potentially aiding in further attacks on systems with existing vulnerabilities.
Technical Details of CVE-2019-15790
Vulnerability Description
- Apport's get_pid_info() function reads /proc/pid with elevated privileges, allowing unauthorized access to process information.
- The issue stemmed from a missing argument in the Python Apport library, causing compatibility problems and failures during certain operations.
Affected Systems and Versions
- Vendor: Canonical
- Product: Apport
- Affected Versions: 2.14.1, 2.20.1, 2.20.9, 2.20.11
- Versions Less Than: 2.14.1-0ubuntu3.29+esm3, 2.20.1-0ubuntu2.22, 2.20.9-0ubuntu7.12, 2.20.11-0ubuntu8.6
Exploitation Mechanism
- Unauthorized users could exploit the recycling of process IDs to access privileged process information.
Mitigation and Prevention
Immediate Steps to Take
- Update Apport to the fixed versions: 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22, 2.14.1-0ubuntu3.29+esm3
Long-Term Security Practices
- Regularly monitor and update software to address security vulnerabilities
- Implement the principle of least privilege to restrict unnecessary access
Patching and Updates
- Apply patches provided by Canonical to address the vulnerability