
Two new information disclosure flaws have been discovered in apport and systemd-coredump, the core dump handlers in popular Linux distributions such as Ubuntu, Red Hat Enterprise Linux, and Fedora. Tracked as CVE-2025-5054 and CVE-2025-4598, these vulnerabilities are race condition bugs that could potentially allow a local attacker to gain access to sensitive information.
The vulnerabilities were identified by the Qualys Threat Research Unit (TRU) and have been rated as Moderate in severity. The flaws could be exploited by a local attacker to access password hashes from the /etc/shadow file by manipulating the core dump of a crashed process.
Canonical, the company behind Ubuntu, has released updates for the apport package to address these vulnerabilities. Users are strongly advised to upgrade their packages to ensure they are protected against potential attacks exploiting these flaws.
It’s important to note that Debian systems are not susceptible to CVE-2025-4598 by default, as they do not include any core dump handler unless the systemd-coredump package is manually installed. Advisories addressing these vulnerabilities have nevertheless been issued by several distributions, including Gentoo, Amazon Linux, and Debian.
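Because exposure depends on which core dump handler the kernel is configured to call, a quick host check is to classify the value of `/proc/sys/kernel/core_pattern`. The script below is an added example, not taken from the advisories or from either project; the function names and the sample patterns in its comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which core dump handler kernel.core_pattern points at.

# classify_core_pattern PATTERN
# Prints one of: apport | systemd-coredump | other-pipe | file | none
classify_core_pattern() {
    pattern=$1
    case $pattern in
        '')   echo none; return ;;   # empty pattern: no handler registered
        '|'*) ;;                     # leading '|': kernel pipes the dump to a program
        *)    echo file; return ;;   # plain file name template such as "core.%p"
    esac
    # Drop the '|' and keep only the program path (the first word).
    handler=${pattern#'|'}
    handler=${handler%% *}
    # Match on the program's base name so the install prefix does not matter.
    case ${handler##*/} in
        apport)           echo apport ;;
        systemd-coredump) echo systemd-coredump ;;
        *)                echo other-pipe ;;
    esac
}

# report_handler [FILE]
# Reads the pattern from FILE (default: the live sysctl) and names the CVE
# that the article associates with the detected handler.
report_handler() {
    file=${1:-/proc/sys/kernel/core_pattern}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    IFS= read -r pattern < "$file" || true
    kind=$(classify_core_pattern "$pattern")
    case $kind in
        apport)
            echo "handler=apport: confirm the apport update for CVE-2025-5054 is installed" ;;
        systemd-coredump)
            echo "handler=systemd-coredump: confirm the systemd update for CVE-2025-4598 is installed" ;;
        *)
            echo "handler=$kind: neither apport nor systemd-coredump is registered" ;;
    esac
}
```

Source the file and run `report_handler` on the host being checked; pass a file path instead to evaluate a pattern collected from another machine.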
In light of these findings, it is crucial for Linux users to stay vigilant and promptly apply security updates to mitigate the risk of exploitation. By keeping their systems up to date, users can protect their sensitive information and prevent unauthorized access to their data.
References:
– The Hacker News: https://it.slashdot.org/story/25/06/02/0140228/new-moderate-linux-flaw-allows-password-hash-theft-via-core-dumps-in-ubuntu-rhel-fedora?utm_source=rss1.0mainlinkanon&utm_medium=feed