A Python tool to check if your Ubuntu system is vulnerable to CVE-2025-5054, a race condition in Apport that allows local information disclosure. This tool performs a series of checks to determine your system's status and provides recommendations if you are affected.
- Detects if the system is running Ubuntu and extracts version information
- Checks if Apport is installed and determines its version
- Determines if the installed Apport version is vulnerable (≤ 2.32.0)
- Checks if Apport is configured as the core dump handler
- Verifies mitigation settings (e.g., suid_dumpable)
- Looks for common attack vectors (e.g., SUID/SGID unix_chkpwd)
- Provides a clear summary and actionable recommendations
- Python 3.12 or higher
- No external dependencies
-
Clone the repository:
git clone https://github.com/daryllundy/cve-2025-5054 cd cve-2025-5054 -
Create and activate a virtual environment using uv:
uv venv source .venv/bin/activate
For best results, run as root (sudo) to allow all checks to complete.
uv run cve_2025_5054_detector.pySample output:
============================================================
CVE-2025-5054 Vulnerability Detection Tool
============================================================
[*] Checking operating system...
[*] Checking if Apport is installed...
[*] Checking Apport version...
[*] Checking core dump configuration...
[*] Checking suid_dumpable setting...
[*] Checking for unix_chkpwd...
============================================================
DETECTION RESULTS
============================================================
[OS Check] INFO: Ubuntu 22.04 detected
[Apport Check] INFO: Apport version 2.32.0 installed
[Version Check] VULNERABLE: Version 2.32.0 is vulnerable
[Core Pattern] INFO: Apport is configured as core dump handler
[Mitigation] WARNING: suid_dumpable=1 (default, vulnerable)
[Attack Vector] INFO: unix_chkpwd found at /usr/sbin/unix_chkpwd (not SUID/SGID)
============================================================
SUMMARY
============================================================
[!] YOUR SYSTEM APPEARS TO BE VULNERABLE TO CVE-2025-5054
Recommended actions:
1. Update Apport to the latest version:
sudo apt update && sudo apt upgrade apport
2. As a temporary mitigation, disable SUID core dumps:
sudo sysctl fs.suid_dumpable=0
echo 'fs.suid_dumpable=0' | sudo tee -a /etc/sysctl.conf
3. Consider disabling Apport temporarily if updates are not available:
sudo systemctl stop apport.service
sudo systemctl disable apport.service
This project is licensed under the MIT License.
Developed by Daryl Lundy