Page 6 of 31 results (0.030 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2

An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK. • https://www.exploit-db.com/exploits/40937 http://www.securityfocus.com/bid/95011 http://www.ubuntu.com/usn/USN-3157-1 https://bugs.launchpad.net/apport/+bug/1648806 https://donncha.is/2016/12/compromising-ubuntu-desktop https://github.com/DonnchaC/ubuntu-apport-exploitation • CWE-284: Improper Access Control •

CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. En apport/ui.py, Apport lee el campo CashDB y después evalúa el campo como código Python si comienza con un "{". • https://www.exploit-db.com/exploits/40937 http://www.securityfocus.com/bid/95011 http://www.ubuntu.com/usn/USN-3157-1 https://bugs.launchpad.net/apport/+bug/1648806 https://donncha.is/2016/12/compromising-ubuntu-desktop https://github.com/DonnchaC/ubuntu-apport-exploitation • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. Cualquier módulo Python en sys.path puede ser importado si la línea de comando de proceso que activa el volcado de memoria es Python y el primer argumento es -m en Apport anterior a la versión 2.19.2 la función _python_module_path. • https://launchpad.net/apport/trunk/2.19.2 https://usn.ubuntu.com/2782-1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 3

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log. kernel_crashdump en Apport en versiones anteriores a 2.19, permite a usuarios locales provocar una denegación de servicio (consumo de disco) o posiblemente obtener privilegios a través de un ataque de enlace (1) simbólico o (2) duro en /var/crash/vmcore.log. • https://www.exploit-db.com/exploits/38353 http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html http://seclists.org/fulldisclosure/2015/Sep/101 http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities http://www.ubuntu.com/usn/USN-2744-1 https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570 https://launchpad.net/apport/trunk/2.19 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 4

The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). La característica de informes de caídas en Apport 2.13 hasta 2.17.x anterior a 2.17.1 permite a usuarios locales ganar privilegios a través de un fichero usr/share/apport/apport manipulado en un espacio de nombre (contenedor). Various security issues relating to symlink attacks and race conditions with Abrt and Apport are documented here. • https://www.exploit-db.com/exploits/36782 https://www.exploit-db.com/exploits/36746 https://www.exploit-db.com/exploits/43971 https://github.com/ScottyBauer/CVE-2015-1318 http://www.osvdb.org/120803 http://www.ubuntu.com/usn/USN-2569-1 https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758 https://launchpad.net/apport/trunk/2.17.1 • CWE-264: Permissions, Privileges, and Access Controls •