CVE-2016-9951 – Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
https://notcve.org/view.php?id=CVE-2016-9951
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK. • https://www.exploit-db.com/exploits/40937 http://www.securityfocus.com/bid/95011 http://www.ubuntu.com/usn/USN-3157-1 https://bugs.launchpad.net/apport/+bug/1648806 https://donncha.is/2016/12/compromising-ubuntu-desktop https://github.com/DonnchaC/ubuntu-apport-exploitation • CWE-284: Improper Access Control •
CVE-2016-9949 – Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
https://notcve.org/view.php?id=CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. En apport/ui.py, Apport lee el campo CashDB y después evalúa el campo como código Python si comienza con un "{". • https://www.exploit-db.com/exploits/40937 http://www.securityfocus.com/bid/95011 http://www.ubuntu.com/usn/USN-3157-1 https://bugs.launchpad.net/apport/+bug/1648806 https://donncha.is/2016/12/compromising-ubuntu-desktop https://github.com/DonnchaC/ubuntu-apport-exploitation • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2015-1338 – Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1338
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. kernel_crashdump en Apport en versiones anteriores a 2.19, permite a usuarios locales provocar una denegación de servicio (consumo de disco) o posiblemente obtener privilegios a través de un ataque de enlace (1) simbólico o (2) duro en /var/crash/vmcore.log. • https://www.exploit-db.com/exploits/38353 http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html http://seclists.org/fulldisclosure/2015/Sep/101 http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities http://www.ubuntu.com/usn/USN-2744-1 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570 https://launchpad.net/apport/trunk/2.19 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2015-1318 – Apport 2.14.1 (Ubuntu 14.04.2) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1318
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). La característica de informes de caídas en Apport 2.13 hasta 2.17.x anterior a 2.17.1 permite a usuarios locales ganar privilegios a través de un fichero usr/share/apport/apport manipulado en un espacio de nombre (contenedor). Various security issues relating to symlink attacks and race conditions with Abrt and Apport are documented here. • https://www.exploit-db.com/exploits/36782 https://www.exploit-db.com/exploits/36746 https://www.exploit-db.com/exploits/43971 https://github.com/ScottyBauer/CVE-2015-1318 http://www.osvdb.org/120803 http://www.ubuntu.com/usn/USN-2569-1 https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758 https://launchpad.net/apport/trunk/2.17.1 • CWE-264: Permissions, Privileges, and Access Controls •