CVE-2018-6552

Severity: Unknown. EPSS: 0.39%

CVE-2018-6552 is a vulnerability of currently unknown severity. Apport does not properly handle crashes originating from a PID namespace, which allows local users to create certain files as root; an attacker could leverage this to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist, in order to indicate that the crash should be handled in the global namespace rather than inside a container. EPSS estimates a 0.39% chance of exploitation in the next 30 days.

Description

Apport does not properly handle crashes originating from a PID namespace, which allows local users to create certain files as root; an attacker could leverage this to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc/<global pid>/ does not exist, in order to indicate that the crash should be handled in the global namespace rather than inside a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc/<global pid>/ does not exist, which results in the container PID being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28.

Metrics

EPSS Probability: 0.39% (30.7th percentile), the estimated probability of exploitation in the next 30 days.

Affected Software

Vendor          Product  Versions
Apport Project  Apport   2.14.1
Apport Project  Apport   2.20.9
Apport Project  Apport   2.20.7
Apport Project  Apport   2.20.1

Frequently Asked Questions

What is CVE-2018-6552?
CVE-2018-6552 is a flaw in how Apport handles crashes originating from a PID namespace: when /proc/<global pid>/ does not exist, the code does not always replace sys.argv[1] with the host_pid value, so the container PID is used in the global namespace. Local users can thereby create certain files as root, which may lead to denial of service via resource exhaustion, root privileges, or container escape. See the Description above for the affected versions.
How severe is CVE-2018-6552?
Severity scoring for CVE-2018-6552 is pending analysis. The EPSS model estimates a 0.39% probability of exploitation in the next 30 days.
How do I fix CVE-2018-6552?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST