Kevin Backhouse discovered an integer overflow in bson_ensure_space, as
used in whoopsie.
#### Bugs
* <https://bugs.launchpad.net/ubuntu/+source/whoopsie/+bug/1830865>
{"veracode": [{"lastseen": "2022-07-26T16:43:33", "description": "whoopsie is vulnerable to arbitrary code execution. An integer overflow in `bson_ensure_space` allows an attacker to execute arbitrary code on the host OS.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-21T06:30:13", "type": "veracode", "title": "Arbitrary Code Execution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11484"], "modified": "2022-04-19T18:45:38", "id": "VERACODE:27010", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-27010/summary", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-02-18T15:33:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-11484"], "description": "The remote host is missing an update for the ", "modified": "2020-02-17T00:00:00", "published": "2019-10-31T00:00:00", "id": "OPENVAS:1361412562310844216", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844216", "type": "openvas", "title": "Ubuntu Update for whoopsie USN-4170-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844216\");\n script_version(\"2020-02-17T08:23:05+0000\");\n script_cve_id(\"CVE-2019-11484\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-17 08:23:05 +0000 (Mon, 17 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-10-31 03:01:07 +0000 (Thu, 31 Oct 2019)\");\n script_name(\"Ubuntu Update for whoopsie USN-4170-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.10|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4170-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-October/005172.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'whoopsie'\n package(s) announced via the USN-4170-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Kevin Backhouse discovered Whoopsie incorrectly handled very large crash\nreports. A local attacker could possibly use this issue to cause a denial\nof service, expose sensitive information or execute code as the whoopsie\nuser.\");\n\n script_tag(name:\"affected\", value:\"'whoopsie' package(s) on Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libwhoopsie0\", ver:\"0.2.62ubuntu0.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"whoopsie\", ver:\"0.2.62ubuntu0.2\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libwhoopsie0\", ver:\"0.2.66ubuntu0.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"whoopsie\", ver:\"0.2.66ubuntu0.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libwhoopsie0\", ver:\"0.2.64ubuntu0.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"whoopsie\", ver:\"0.2.64ubuntu0.2\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"libwhoopsie0\", ver:\"0.2.52.5ubuntu0.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"whoopsie\", ver:\"0.2.52.5ubuntu0.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-01-14T15:21:16", "description": "Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Whoopsie vulnerability (USN-4170-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11484"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libwhoopsie0", "p-cpe:/a:canonical:ubuntu_linux:whoopsie", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4170-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130395", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4170-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130395);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2019-11484\");\n script_xref(name:\"USN\", value:\"4170-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : Whoopsie vulnerability (USN-4170-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Kevin Backhouse discovered Whoopsie incorrectly handled very large\ncrash reports. A local attacker could possibly use this issue to cause\na denial of service, expose sensitive information or execute code as\nthe whoopsie user.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4170-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected libwhoopsie0 and / or whoopsie packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11484\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwhoopsie0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:whoopsie\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwhoopsie0\", pkgver:\"0.2.52.5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"whoopsie\", pkgver:\"0.2.52.5ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libwhoopsie0\", pkgver:\"0.2.62ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"whoopsie\", pkgver:\"0.2.62ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"libwhoopsie0\", pkgver:\"0.2.64ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"whoopsie\", pkgver:\"0.2.64ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"libwhoopsie0\", pkgver:\"0.2.66ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"whoopsie\", pkgver:\"0.2.66ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libwhoopsie0 / whoopsie\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T19:13:39", "description": "Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-08T05:15:00", "type": "cve", "title": "CVE-2019-11484", "cwe": ["CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11484"], "modified": "2020-02-12T18:17:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/a:whoopsie_project:whoopsie:-"], "id": "CVE-2019-11484", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-11484", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:whoopsie_project:whoopsie:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}], "ubuntu": [{"lastseen": "2023-01-26T15:43:56", "description": "## Releases\n\n * Ubuntu 19.10 \n * Ubuntu 19.04 \n * Ubuntu 18.04 LTS\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * whoopsie \\- Ubuntu error tracker submission\n\nKevin Backhouse discovered Whoopsie incorrectly handled very large crash \nreports. A local attacker could possibly use this issue to cause a denial \nof service, expose sensitive information or execute code as the whoopsie \nuser.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-30T00:00:00", "type": "ubuntu", "title": "Whoopsie vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11484"], "modified": "2019-10-30T00:00:00", "id": "USN-4170-1", "href": "https://ubuntu.com/security/notices/USN-4170-1", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-09-27T14:05:30", "description": "## Summary\n\nVulnerabilities CVE-2019-11484, CVE-2019-11485, CVE-2019-11483, CVE-2019-11482 have been found in Ubuntu and potentially affect container images of IBM Workload Scheduler 9.5\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11484](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11484>) \n** DESCRIPTION: **Ubuntu whoopsie package could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer overflow in the bson_ensure_space function. By using specially crafted crash reports, an attacker could exploit this vulnerability to execute arbitrary code, obtain sensitive information, or cause a denial of service condition on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176573](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176573>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11485](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11485>) \n** DESCRIPTION: **Ubuntu Apport package is vulnerable to a denial of service, caused by the mishandling of lock-file creation. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-11483](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11483>) \n** DESCRIPTION: **Ubuntu Apport package could allow a local authenticated attacker to bypass security restrictions, caused by the mishandling of crash dumps originating from containers. By sending a specially-crafted request, an attacker could exploit this vulnerability to generate a crash report for a privileged process. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176571](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176571>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-11482](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11482>) \n** DESCRIPTION: **Ubuntu Apport package could allow a local authenticated attacker to bypass security restrictions, caused by a time of check to time of use (TOCTTOU) flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause core files to be written in arbitrary directories. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176570](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176570>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Workload Scheduler Distributed 9.5.0 FP01 and earlier\n\n \n\n\n## Remediation/Fixes\n\nAPAR IJ24525 has been opened to address Ubuntu vulnerabilities affecting IBM Workload Scheduler. \nApar IJ24525 is already included in IBM Workload Scheduler 9.5 FP02, already available on FixCentral.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n26 Apr 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/bulletin/#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS8GJD\",\"label\":\"IBM Workload Automation\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"9.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-19T15:00:50", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Ubuntu affect IBM Workload Scheduler 9.5", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11482", "CVE-2019-11483", "CVE-2019-11484", "CVE-2019-11485"], "modified": "2020-06-19T15:00:50", "id": "1748AFA7000433ABA1DFBCFA35FF4A982AFCAB7E54694119B5E68B99E5621F8A", "href": "https://www.ibm.com/support/pages/node/6205694", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}
CVE-2019-11484
