Login Sign Up

CVE-2021-32551

7.3 HIGH

📋 TL;DR

This vulnerability in Apport's read_file() function allows local attackers to read arbitrary files by exploiting symbolic links or FIFOs. It affects Ubuntu systems with openjdk-15 package apport hooks enabled, potentially exposing sensitive data to other local users.

💻 Affected Systems

Products:
  • apport
  • openjdk-15
Versions: Apport versions before fix, specifically when used with openjdk-15 package hooks
Operating Systems: Ubuntu Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires apport hooks to be enabled and triggered for openjdk-15 package crashes

📦 What is this software?

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

Ubuntu Linux by Canonical

View all CVEs affecting Ubuntu Linux →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to complete system compromise through exposure of sensitive files like SSH keys, passwords, or configuration files.

🟠

Likely Case

Unauthorized local users reading sensitive application data, configuration files, or user-specific information from other accounts.

🟢

If Mitigated

Limited exposure of non-critical files if proper file permissions and access controls are implemented.

🌐 Internet-Facing: LOW - This is a local-only vulnerability requiring local user access.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to access sensitive data from other users or system files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local user access and ability to create symbolic links or FIFOs in specific locations

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apport versions with fix for CVE-2021-32551

Vendor Advisory: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904

Restart Required: No

Instructions:

1. Update apport package: sudo apt update && sudo apt upgrade apport
2. Verify update: apt-cache policy apport
3. Ensure openjdk-15 is also updated if needed

🔧 Temporary Workarounds

Disable apport crash reporting

linux

Temporarily disable apport service to prevent hook execution

sudo systemctl stop apport
sudo systemctl disable apport

Remove openjdk-15 apport hooks

linux

Remove or disable specific hooks for openjdk-15

sudo rm /usr/share/apport/package-hooks/source_openjdk-15.py

🧯 If You Can't Patch

  • Implement strict file permissions and access controls to limit sensitive file exposure
  • Monitor for suspicious symbolic link creation in apport-related directories

🔍 How to Verify

Check if Vulnerable:

Check apport version: dpkg -l | grep apport and verify if pre-fix version

Check Version:

dpkg -l | grep apport

Verify Fix Applied:

Verify apport package version is updated and check for presence of fix in changelog

📡 Detection & Monitoring

Log Indicators:

  • Apport crash reports accessing unusual file paths
  • Multiple failed apport hook executions

Network Indicators:

  • None - local-only vulnerability

SIEM Query:

process.name:apport AND file.path:*symlink* OR file.path:*fifo*

📊 Metadata

CVE ID: CVE-2021-32551
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
CWE: CWE-59
Published: June 12, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-32551, you might also want to check these:

CVE-2024-37143 10.0

This CVE describes an Improper Link Resolution Before File Access vulnerability in multiple Dell Pow...

Same vulnerability type (CWE-59)
CVE-2024-28185 10.0

CVE-2024-28185 is a critical symlink vulnerability in Judge0 that allows attackers to write arbitrar...

Same vulnerability type (CWE-59)
CVE-2024-48862 9.8

CVE-2024-48862 is a path traversal vulnerability in QNAP's QuLog Center that allows remote attackers...

Same vulnerability type (CWE-59)