CVE & CISA-KEV Catalog

CVE-2018-6552

HIGH
7.8
CVSS v3
NVD

Description

Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28.

How to fix

Remediation Available
apportUbuntu
Fixed in:2.14.1-0ubuntu3.29USN-3664-2
Fixed in:2.20.1-0ubuntu2.18USN-3664-1
Fixed in:2.20.9-0ubuntu7.1USN-3664-1

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged

Impact

ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

0.39%probability of exploitation in 30 days
31stpercentile

Low risk: more likely to be exploited than 31% of all known CVEs.

References

Embed a live status badge for CVE-2018-6552
CVE-2018-6552 severity badge

Markdown

[![CVE-2018-6552](https://tridentstack.com/cve/badge/CVE-2018-6552.svg)](https://tridentstack.com/cve/CVE-2018-6552)

HTML

<a href="https://tridentstack.com/cve/CVE-2018-6552"><img src="https://tridentstack.com/cve/badge/CVE-2018-6552.svg" alt="CVE-2018-6552"></a>

Find and fix vulnerabilities across your fleet

TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.

Start free

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.