Oval Definition:oval:org.opensuse.security:def:20197307
Revision Date:2022-05-20
Version:1
Title:CVE-2019-7307
Description:

Apport before versions 2.14.1-0ubuntu3.29+esm1, 2.20.1-0ubuntu2.19, 2.20.9-0ubuntu7.7, 2.20.10-0ubuntu27.1, 2.20.11-0ubuntu5 contained a TOCTTOU vulnerability when reading the user's ~/.apport-ignore.xml file, which allows a local attacker to replace this file with a symlink to any other file on the system and so cause Apport to include the contents of this other file in the resulting crash report. The crash report could then be read by that user, either by causing it to be uploaded and reported to Launchpad or by leveraging some other vulnerability to read the resulting crash report, and so allow the user to read arbitrary files on the system.
Family:unix
Class:vulnerability
Status:
Reference(s):CVE-2019-7307
Mitre CVE-2019-7307
SUSE CVE-2019-7307
Platform(s):SUSE Linux Enterprise Server 11 SP1-TERADATA
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server for SAP Applications 11 SP1-TERADATA
SUSE Linux Enterprise Server for SAP Applications 11 SP3-TERADATA
Product(s):
Definition Synopsis
  • Release Information
    • SUSE Linux Enterprise Server 11 SP1-TERADATA is installed
    • OR SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
    • OR SUSE Linux Enterprise Server for SAP Applications 11 SP1-TERADATA is installed
    • OR SUSE Linux Enterprise Server for SAP Applications 11 SP3-TERADATA is installed
  • AND Package Information
    • apport-0.114-12.8.6 is installed
    • OR apport-crashdb-sle-0.114-0.8.6 is installed
    • OR apport-gtk-0.114-12.8.6 is installed
Definition Synopsis
  • Release Information
    • SUSE Linux Enterprise Server 11 SP1-TERADATA is installed
    • OR SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • AND Package Information
    • apport-0.114-12.8.6.1 is installed
    • OR apport-crashdb-sle-0.114-0.8.6.1 is installed
    • OR apport-gtk-0.114-12.8.6.1 is installed