Skip to main content

Unrestricted Externally Accessible Lock

CVE-2019-11485

Severity Low
Score 3.3/10

Summary

Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.

  • LOW
  • LOCAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • LOW

CWE-412 - Unrestricted Externally Accessible Lock

The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.

References

Advisory Timeline

  • Published