VYPR
Unrated severity · NVD Advisory · Published Feb 8, 2020 · Updated Sep 16, 2024

Apport reads arbitrary files if ~/.config/apport/settings is a symlink

CVE-2019-11481

Description

Kevin Backhouse discovered that apport would read a user-supplied configuration file with elevated privileges. By replacing the file with a symbolic link, a user could get apport to read any file on the system as root, with unknown consequences.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A local attacker can make apport read any file as root by replacing its user-supplied configuration file with a symbolic link.

Vulnerability

Apport, the automatic crash report generation tool on Ubuntu, reads the user-controlled settings file at ~/.config/apport/settings with elevated (root) privileges. By replacing this configuration file with a symbolic link pointing to an arbitrary system file, a local user can trick apport into reading any file on the system as root [1], [2]. The vulnerability affects apport on Ubuntu 14.04 ESM and earlier supported releases before the fix [1], [2].

Exploitation

An attacker needs only a local user account on the system. The steps are: (1) create a symbolic link at ~/.config/apport/settings that points to a target file (e.g., /etc/shadow), (2) trigger apport execution (e.g., by causing a process crash or waiting for a scheduled run). Apport, running as root, will follow the symlink and read the target file with root privileges [1], [2]. No additional authentication or user interaction beyond normal apport operation is required. The race window is not a factor; the symlink attack is applied before apport reads the configuration.

Impact

Successful exploitation allows a local attacker to read the contents of any file on the system that is readable by root. This can include sensitive files such as password hashes (/etc/shadow), private keys, or application secrets, leading to full system compromise [1], [2]. The confidentiality of the entire filesystem is at risk; the attacker does not gain write access or code execution from this vulnerability alone, but the information disclosure can be leveraged for further attacks.

Mitigation

Ubuntu released patched versions of apport on 30 October 2019 (for standard releases) and 4 November 2019 (for Ubuntu 14.04 ESM) in USN-4171-1 and USN-4171-2, respectively [1], [2]. Users should update the apport package to the fixed version for their release. No workaround is provided; the fix ensures apport does not follow symlinks when reading the configuration file. This CVE is not listed on the CISA KEV.
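The "do not follow symlinks" behaviour described above can be sketched in Python, the language apport is written in. This is an added example, not apport's actual patch; `read_user_settings`, `UnsafeSettingsFile` and the `expected_uid` parameter are hypothetical names chosen for illustration.

```python
import configparser
import errno
import os
import stat


class UnsafeSettingsFile(Exception):
    """The settings path is not a plain file owned by the expected user."""


def read_user_settings(path, expected_uid):
    """Parse an INI file from a user-writable location without following a symlink.

    Hypothetical helper for a privileged process; expected_uid is the uid of
    the user whose home directory contains the file.
    """
    # O_NOFOLLOW: open() fails (ELOOP on Linux) if the last component is a symlink.
    # O_NONBLOCK: do not hang if a FIFO was planted at the path.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    try:
        fd = os.open(path, flags)
    except OSError as e:
        if e.errno in (errno.ELOOP, errno.EMLINK):
            raise UnsafeSettingsFile(f"{path} is a symlink") from e
        raise
    with os.fdopen(fd, "r", encoding="utf-8", errors="replace") as f:
        # Validate the object that was actually opened (fstat on the fd),
        # not the path, so a swap after the check cannot change the answer.
        st = os.fstat(f.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeSettingsFile(f"{path} is not a regular file")
        # The owner check also rejects a hard link to another user's file.
        if st.st_uid != expected_uid:
            raise UnsafeSettingsFile(f"{path} is not owned by uid {expected_uid}")
        parser = configparser.ConfigParser(interpolation=None)
        parser.read_file(f)
    return {section: dict(parser[section]) for section in parser.sections()}

# Caveat: O_NOFOLLOW protects only the final path component. The parent
# directories (~/.config, ~/.config/apport) are also user-controlled, so
# temporarily dropping to the user's uid before opening the file is the
# more complete defence for a root-owned process.
```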

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
