Launchpad.net

CVE 2023-1326

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

Related bugs and status

CVE-2023-1326 (Candidate) is related to these bugs:

Bug #2006705: Ubuntu pro reports CVE falsely as fixed

		In	Importance	Status
2006705	Ubuntu pro reports CVE falsely as fixed	ubuntu-advantage-tools (Ubuntu)	Undecided	Fix Released
2006705	Ubuntu pro reports CVE falsely as fixed	ubuntu-advantage-tools (Ubuntu Kinetic)	Undecided	Fix Released
2006705	Ubuntu pro reports CVE falsely as fixed	ubuntu-advantage-tools (Ubuntu Jammy)	Undecided	Fix Released
2006705	Ubuntu pro reports CVE falsely as fixed	ubuntu-advantage-tools (Ubuntu Focal)	Undecided	Fix Released
2006705	Ubuntu pro reports CVE falsely as fixed	ubuntu-advantage-tools (Ubuntu Bionic)	Undecided	Fix Released
2006705	Ubuntu pro reports CVE falsely as fixed	ubuntu-advantage-tools (Ubuntu Xenial)	Undecided	Fix Released

Bug #2016023: viewing an apport-cli crash with default pager could escalate privilege (CVE-2023-1326)

		In	Importance	Status
2016023	viewing an apport-cli crash with default pager could escalate privilege (CVE-2023-1326)	apport (Ubuntu)	Critical	Fix Released
2016023	viewing an apport-cli crash with default pager could escalate privilege (CVE-2023-1326)	Apport	Critical	Fix Released
2016023	viewing an apport-cli crash with default pager could escalate privilege (CVE-2023-1326)	apport (Ubuntu Kinetic)	Undecided	Fix Released
2016023	viewing an apport-cli crash with default pager could escalate privilege (CVE-2023-1326)	apport (Ubuntu Focal)	Undecided	Fix Released
2016023	viewing an apport-cli crash with default pager could escalate privilege (CVE-2023-1326)	apport (Ubuntu Jammy)	Undecided	Fix Released
2016023	viewing an apport-cli crash with default pager could escalate privilege (CVE-2023-1326)	apport (Ubuntu Bionic)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://github.com/can...
MISC: https://ubuntu.com/sec...