Whoopsie-daisy: Chaining accidental features of Ubuntu’s crash reporter to get Local Privilege Escalation
Blog post from GitHub
This post gives an overview of five vulnerabilities in Ubuntu's crash reporting system: CVE-2019-7307, CVE-2019-11476, CVE-2019-11481, CVE-2019-11484, and CVE-2019-15790. Two of them are low-severity local denial-of-service issues. The others are more serious: they allow a local unprivileged attacker to read arbitrary files, which amounts to a read-only local privilege escalation and could expose sensitive information such as SSH keys. Within the exploit chain, CVE-2019-15790 helps obtain ASLR offsets, which facilitates the exploitation of memory corruption vulnerabilities. The vulnerabilities were disclosed and subsequently fixed in updates released in July and October 2019. The article also describes the architecture of Ubuntu's crash reporting system, including components such as apport and whoopsie, and discusses the system's security boundaries, attack surfaces, and mitigation strategies.