{"containers":{"cna":{"affected":[{"platforms":["Ubuntu 18.04"],"product":"Apport","vendor":"n/a","versions":[{"lessThan":"unspecified","status":"affected","version":"2.20.8-0ubuntu4","versionType":"custom"},{"lessThan":"2.20.9-0ubuntu7.1","status":"affected","version":"unspecified","versionType":"custom"}]},{"platforms":["Ubuntu 16.04"],"product":"Apport","vendor":"n/a","versions":[{"lessThan":"unspecified","status":"affected","version":"2.20.1-0ubuntu2.15","versionType":"custom"},{"lessThan":"2.20.1-0ubuntu2.18","status":"affected","version":"unspecified","versionType":"custom"}]},{"platforms":["Ubuntu 17.10"],"product":"Apport","vendor":"n/a","versions":[{"lessThan":"unspecified","status":"affected","version":"2.20.7-0ubuntu3.7","versionType":"custom"},{"lessThan":"2.20.7-0ubuntu3.9","status":"affected","version":"unspecified","versionType":"custom"}]},{"platforms":["Ubuntu 14.04"],"product":"Apport","vendor":"n/a","versions":[{"status":"affected","version":"2.14.1-0ubuntu3.28"}]}],"credits":[{"lang":"en","value":"Sander Bos"}],"datePublic":"2018-05-30T00:00:00.000Z","descriptions":[{"lang":"en","value":"Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc// does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc// does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28."}],"problemTypes":[{"descriptions":[{"description":"Denial of service via resource exhaustion, privilege escalation, and escape from containers","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-06-08T18:57:01.000Z","orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical"},"references":[{"name":"USN-3664-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/usn/usn-3664-1"},{"name":"USN-3664-2","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"https://usn.ubuntu.com/3664-2/"}],"source":{"advisory":"USN-3664-1","defect":["1746668"],"discovery":"EXTERNAL"},"title":"Apport treats the container PID as the global PID when /proc// is missing","x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"security@ubuntu.com","DATE_PUBLIC":"2018-05-30T18:00:00.000Z","ID":"CVE-2018-6552","STATE":"PUBLIC","TITLE":"Apport treats the container PID as the global PID when /proc// is missing"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Apport","version":{"version_data":[{"affected":">=","platform":"Ubuntu 18.04","version_affected":">=","version_value":"2.20.8-0ubuntu4"},{"affected":"<","platform":"Ubuntu 18.04","version_affected":"<","version_value":"2.20.9-0ubuntu7.1"},{"affected":">=","platform":"Ubuntu 16.04","version_affected":">=","version_value":"2.20.1-0ubuntu2.15"},{"affected":"<","platform":"Ubuntu 16.04","version_affected":"<","version_value":"2.20.1-0ubuntu2.18"},{"affected":">=","platform":"Ubuntu 17.10","version_affected":">=","version_value":"2.20.7-0ubuntu3.7"},{"affected":"<","platform":"Ubuntu 17.10","version_affected":"<","version_value":"2.20.7-0ubuntu3.9"},{"affected":"=","platform":"Ubuntu 14.04","version_affected":"=","version_value":"2.14.1-0ubuntu3.28"}]}}]},"vendor_name":"n/a"}]}},"credit":[{"lang":"eng","value":"Sander Bos"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Apport does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function returns True when /proc// does not exist in order to indicate that the crash should be handled in the global namespace rather than inside of a container. However, the portion of the data/apport code that decides whether or not to forward a crash to a container does not always replace sys.argv[1] with the value stored in the host_pid variable when /proc// does not exist which results in the container pid being used in the global namespace. This flaw affects versions 2.20.8-0ubuntu4 through 2.20.9-0ubuntu7, 2.20.7-0ubuntu3.7, 2.20.7-0ubuntu3.8, 2.20.1-0ubuntu2.15 through 2.20.1-0ubuntu2.17, and 2.14.1-0ubuntu3.28."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Denial of service via resource exhaustion, privilege escalation, and escape from containers"}]}]},"references":{"reference_data":[{"name":"USN-3664-1","refsource":"UBUNTU","url":"https://usn.ubuntu.com/usn/usn-3664-1"},{"name":"USN-3664-2","refsource":"UBUNTU","url":"https://usn.ubuntu.com/3664-2/"}]},"source":{"advisory":"USN-3664-1","defect":["1746668"],"discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T06:10:10.228Z"},"title":"CVE Program Container","references":[{"name":"USN-3664-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/usn/usn-3664-1"},{"name":"USN-3664-2","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"https://usn.ubuntu.com/3664-2/"}]}]},"cveMetadata":{"assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","assignerShortName":"canonical","cveId":"CVE-2018-6552","datePublished":"2018-05-31T22:00:00.000Z","dateReserved":"2018-02-02T00:00:00.000Z","dateUpdated":"2024-09-17T03:07:21.752Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}