CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2CVE-2016-9949 – Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
https://notcve.org/view.php?id=CVE-2016-9949
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. En apport/ui.py, Apport lee el campo CashDB y después evalúa el campo como código Python si comienza con un "{". • https://www.exploit-db.com/exploits/40937 http://www.securityfocus.com/bid/95011 http://www.ubuntu.com/usn/USN-3157-1 https://bugs.launchpad.net/apport/+bug/1648806 https://donncha.is/2016/12/compromising-ubuntu-desktop https://github.com/DonnchaC/ubuntu-apport-exploitation • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1341 – Apport privilege escalation through Python module imports
https://notcve.org/view.php?id=CVE-2015-1341
Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. Cualquier módulo Python en sys.path puede ser importado si la línea de comando de proceso que activa el volcado de memoria es Python y el primer argumento es -m en Apport anterior a la versión 2.19.2 la función _python_module_path. • https://launchpad.net/apport/trunk/2.19.2 https://usn.ubuntu.com/2782-1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 3CVE-2015-1338 – Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1338
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. kernel_crashdump en Apport en versiones anteriores a 2.19, permite a usuarios locales provocar una denegación de servicio (consumo de disco) o posiblemente obtener privilegios a través de un ataque de enlace (1) simbólico o (2) duro en /var/crash/vmcore.log. • https://www.exploit-db.com/exploits/38353 http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html http://seclists.org/fulldisclosure/2015/Sep/101 http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities http://www.ubuntu.com/usn/USN-2744-1 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570 https://launchpad.net/apport/trunk/2.19 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 4CVE-2015-1318 – Apport 2.14.1 (Ubuntu 14.04.2) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-1318
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). La característica de informes de caídas en Apport 2.13 hasta 2.17.x anterior a 2.17.1 permite a usuarios locales ganar privilegios a través de un fichero usr/share/apport/apport manipulado en un espacio de nombre (contenedor). Various security issues relating to symlink attacks and race conditions with Abrt and Apport are documented here. • https://www.exploit-db.com/exploits/36782 https://www.exploit-db.com/exploits/36746 https://www.exploit-db.com/exploits/43971 https://github.com/ScottyBauer/CVE-2015-1318 http://www.osvdb.org/120803 http://www.ubuntu.com/usn/USN-2569-1 https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758 https://launchpad.net/apport/trunk/2.17.1 • CWE-264: Permissions, Privileges, and Access Controls •