local privilege escalation in apport-cli
Description
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A privilege escalation vulnerability in apport-cli allows local attackers to gain elevated privileges when sudo is configured for unprivileged users and less is the pager.
Vulnerability
A privilege escalation vulnerability exists in apport-cli versions 2.26.0 and earlier. When a system is specially configured to allow unprivileged users to run sudo apport-cli, and less is configured as the pager, an attacker can exploit the way apport-cli invokes the pager with elevated privileges. The bug is similar to CVE-2023-26604 and resides in the handling of terminal size settings during crash report viewing [1].
Exploitation
An attacker must have local access to a system where an administrator has configured sudo to permit unprivileged users to execute sudo apport-cli. Additionally, less must be the configured pager, and the attacker must be able to set the terminal size. By manipulating the terminal size, the attacker can trigger command execution within less as root, leading to privilege escalation [1].
Impact
Successful exploitation allows a local attacker to escalate privileges from an unprivileged user to root, resulting in full system compromise. The attacker gains complete control over the affected system [1].
Mitigation
The vulnerability is fixed in updated apport packages provided in Ubuntu Security Notice USN-6018-1 [1]. The fix, implemented in commit [2], ensures that apport-cli does not run the pager as root when invoked via sudo or pkexec. Users should update their systems to the patched version. No workaround is available; administrators should avoid configuring sudo to allow unprivileged users to run apport-cli with elevated privileges [1][2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
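One way to apply the approach described under Mitigation, so that the pager never runs as root when the tool was started through sudo or pkexec. This is an added Python example, not code from the apport commit; the function names invoking_user, pager_kwargs and show_in_pager are hypothetical, and setting LESSSECURE is an extra hardening step assumed here, not something the page states.

```python
import os
import pwd
import subprocess


def invoking_user(environ, euid):
    """Return (uid, gid) of the unprivileged caller behind sudo/pkexec, else None."""
    if euid != 0:
        return None  # not root: the pager already runs unprivileged
    if "SUDO_UID" in environ and "SUDO_GID" in environ:
        uid, gid = int(environ["SUDO_UID"]), int(environ["SUDO_GID"])
    elif "PKEXEC_UID" in environ:
        uid = int(environ["PKEXEC_UID"])
        gid = pwd.getpwuid(uid).pw_gid  # pkexec exports only the uid
    else:
        return None  # genuine root session, no caller to drop to
    return None if uid == 0 else (uid, gid)


def pager_kwargs(environ, euid):
    """Build subprocess keyword arguments that start the pager as the caller."""
    env = dict(environ)
    env["LESSSECURE"] = "1"  # assumption: also disable less shell escapes
    kwargs = {"env": env}
    caller = invoking_user(environ, euid)
    if caller is not None:
        uid, gid = caller
        # user/group/extra_groups need Python 3.9+; the child calls
        # setgroups, setgid, setuid before exec, so root is gone for good.
        kwargs.update(user=uid, group=gid, extra_groups=[gid])
    return kwargs


def show_in_pager(text, pager=("less", "-R")):
    """Display text in the pager without handing it root privileges."""
    kwargs = pager_kwargs(os.environ, os.geteuid())
    return subprocess.run(list(pager), input=text.encode(), check=False, **kwargs).returncode


if __name__ == "__main__":
    # Constructed environments: root via sudo, then a plain user.
    print(pager_kwargs({"SUDO_UID": "1000", "SUDO_GID": "1000"}, 0))
    print(pager_kwargs({}, 1000))
```

A root process with neither SUDO_UID nor PKEXEC_UID set is treated as a direct root login and keeps its identity, since there is no unprivileged caller to drop to.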
Affected products
- Range: <=2.26.0
- Canonical Ltd./Apport, v5, Range: 0
References
- github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb (mitre, patch)
- ubuntu.com/security/notices/USN-6018-1 (mitre, vendor-advisory)