CVE-2021-3899

Description

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Canonical Ltd. / Apport0 – 2.21.0

References

MISChttps://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376
VENDOR_ADVISORYhttps://ubuntu.com/security/notices/USN-5427-1
CONFIRMhttps://www.cve.org/CVERecord?id=CVE-2021-3899