apport created lock file in wrong directory
Description
Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Sander Bos discovered Apport's lock file resides in a world-writable directory, allowing any local user to prevent crash handling.
Vulnerability
Sander Bos discovered that Apport, the crash-reporting system for Ubuntu, creates its lock file (/var/lock/apport.lock) in a world-writable directory. Any local user can therefore manipulate the lock file and stop the apport service from processing crash dumps, blocking crash handling entirely. The vulnerability affects all Ubuntu releases supported at the time of disclosure; the fixes were released in USN-4171-1 and USN-4171-2 [1][2].
Exploitation
A local attacker does not require any special privileges, only write access to the world-writable directory containing the lock file. By removing, creating, or holding the lock file, the attacker can prevent apport from acquiring its lock, thereby stopping crash handling for all processes on the system [2]. No user interaction is needed beyond the attacker having local user access.
Impact
Successful exploitation results in a denial of service (DoS) condition: apport will fail to process any crash dumps, including those from privileged processes. The vulnerability does not allow for code execution or privilege escalation, but it can hide evidence of other attacks by suppressing crash reports [1][2].
Mitigation
The vulnerability has been fixed in apport versions shipped with Ubuntu Security Notice USN-4171-1 (for main Ubuntu releases) and USN-4171-2 (for Ubuntu 14.04 ESM), both released in late October/early November 2019 [1][2]. Users should update the apport package to the latest version available in their distribution's repository. No workaround is necessary after applying the update.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
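The defect above is a trust problem with the lock file's parent directory. The following added example (not Apport's code, and not from the advisory) shows the check a crash handler could make before relying on a lock path: the directory must be owned by the expected uid and not group- or world-writable, and any pre-existing lock must be a regular file owned by that uid. The lock path, uid and temp-directory scenarios are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Added example, not Apport's own code: verify that nobody but the expected
# owner can create, replace or remove a lock such as /var/lock/apport.lock.
def lock_path_is_safe(lock_path, owner_uid=0):
    """Return (ok, reason); ok is False when another user could interfere."""
    lock_dir = os.path.dirname(lock_path) or "."
    try:
        d = os.lstat(lock_dir)
    except FileNotFoundError:
        return False, "lock directory does not exist"
    if not stat.S_ISDIR(d.st_mode) or d.st_uid != owner_uid:
        return False, "lock directory is not a directory owned by uid %d" % owner_uid
    # Group/other write bits let that class create or unlink entries. The sticky
    # bit (as on /tmp) only blocks unlinking others' files, not pre-creating the name.
    if d.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, "lock directory is group- or world-writable"
    try:
        f = os.lstat(lock_path)
    except FileNotFoundError:
        return True, "directory safe; lock file not present yet"
    if stat.S_ISLNK(f.st_mode):
        return False, "lock file is a symlink"
    if not stat.S_ISREG(f.st_mode) or f.st_uid != owner_uid:
        return False, "lock file is not a regular file owned by uid %d" % owner_uid
    return True, "directory and existing lock file are safe"

def demo():
    """Constructed scenarios in a temp dir; returns scenario name -> ok flag."""
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as base:
        d = os.path.join(base, "lock")
        os.mkdir(d, 0o755)
        lock = os.path.join(d, "apport.lock")
        results["private_dir"] = lock_path_is_safe(lock, uid)[0]
        os.chmod(d, 0o1777)  # world-writable with sticky bit, like /tmp
        results["world_writable_dir"] = lock_path_is_safe(lock, uid)[0]
        os.chmod(d, 0o755)
        os.symlink("/etc/passwd", lock)  # a planted symlink at the lock name
        results["symlink_lock"] = lock_path_is_safe(lock, uid)[0]
        os.unlink(lock)
        open(lock, "w").close()  # a regular lock file we own ourselves
        results["own_regular_lock"] = lock_path_is_safe(lock, uid)[0]
    return results
```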
Affected products
- Range: 2.14.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] usn.ubuntu.com/usn/usn-4171-1
- [2] usn.ubuntu.com/usn/usn-4171-2
News mentions
No linked articles in our index yet.