Unrestricted Externally Accessible Lock
CVE-2019-11485
Summary
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- LOW
- NONE
- LOW
CWE-412 - Unrestricted Externally Accessible Lock
The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.
References
Advisory Timeline
- Published