Race Condition in Replaced Executable Detection Allows Arbitrary Code Execution as Root
CVE-2021-3899

Currently unrated

Key Information:

Vendor: Canonical Ltd.
Status: Apport
Vendor: CVE Published:; 3 June 2024

Summary

A race condition exists within Ubuntu's 'replaced executable' detection mechanism. This vulnerability allows attackers, under certain local configurations, to execute arbitrary code with root privileges. Proper configuration may increase the risk of exploitation, making it critical for system administrators to assess their systems and apply the latest security patches. Further details about the vulnerability can be referenced through official vendor advisories and issue tracking reports.

Affected Version(s)

Apport Linux 0 < 2.21.0

References

https://bugs.launchpad.net/ubuntu/+source/apport/+bug/194...

issue-tracking

https://ubuntu.com/security/notices/USN-5427-1

vendor-advisory

https://www.cve.org/CVERecord?id=CVE-2021-3899

issue-tracking

Timeline

Vulnerability published
Jun 3, 2024
Vulnerability Reserved
Oct 23, 2021

Credit

Muqing Liu from Singurlar Security Lab

neoni