Kevin Backhouse

I'm a security researcher on the GitHub Security Lab team. I try to help make open source software more secure by searching for vulnerabilities and working with maintainers to get them fixed.

Posts by this author

Vulnerability research

Ubuntu apport PID recycling security vulnerability (CVE-2019-15790)

This is the third post in a series about Ubuntu’s crash reporting system. We’ll review CVE-2019-15790, a vulnerability in apport that enables a local attacker to obtain the ASLR offsets for any process they can start (or restart).

Kevin BackhouseDecember 19, 2019

Vulnerability research
Ubuntu apport TOCTOU security vulnerability (CVE-2019-7307)
This is the second post in our series about Ubuntu’s crash reporting system. We’ll review CVE-2019-7307, a TOCTOU vulnerability that enables a local attacker to include the contents of any file on the system in a crash report.Kevin BackhouseDecember 17, 2019
Learn more
Vulnerability research
Whoopsie-daisy: Chaining accidental features of Ubuntu’s crash reporter to get Local Privilege Escalation
This post summarizes several security vulnerabilities in Ubuntu’s crash reporting system: CVE-2019-7307, CVE-2019-11476, CVE-2019-11481, CVE-2019-11484, CVE-2019-15790. When chained together, they allow an unprivileged user to read arbitrary files on the system.Kevin BackhouseDecember 12, 2019
Learn more