Home / Companies / GitHub / Blog / Post Details
Content Deep Dive

Ubuntu apport PID recycling security vulnerability (CVE-2019-15790)

Blog post from GitHub

Post Details
Company
Date Published
Author
Kevin Backhouse
Word Count
1,566
Company Posts That Month
11
Language
English
Hacker News Points
-
Post removed?
No
Summary

In this third post of a four-part series, security researcher Kevin Backhouse delves into the apport CVE-2019-15790 vulnerability, which allows a local attacker to obtain ASLR offsets of any process they can control. The vulnerability arises from using PIDs as authorization tokens, which can be recycled and reassigned, enabling attackers to trick apport into leaking sensitive information. Backhouse explores two exploitation plans, with the second, Plan B, proving successful. This plan involves deliberately crashing an innocuous process to manipulate the PID recycling system, allowing a privileged process to be assigned the same PID. By pausing apport during this transition, Backhouse accesses sensitive information from the /proc/[pid]/maps file, crucial for gaining ASLR offsets. This exploit is part of a broader strategy targeting the whoopsie daemon, which will be further explored in the final post of the series, focusing on exploiting a heap buffer overflow vulnerability to gain code execution.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.