CVE-2016-9951

Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution

Severity Score

6.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.

Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. Un archivo de bloqueo Apport malicioso puede contener un comando de restauración en campos `RespawnCommand` o `ProcCmdline`. Este comando se ejecutará si un usuario hace click en el botón Relaunch en el prompt Apport desde el archivo de bloqueo malicioso. La solución está en únicamente mostrar el botón Relaunch en archivos de bloqueo Apport generados por los sistemas locales. El botón Relaunch se esconderá cuando archivos de bloqueo se abran directamente en Apport-GTK.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-12-14 CVE Reserved
2016-12-15 CVE Published
2024-05-29 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-284: Improper Access Control

CAPEC

References (6)

URL	Tag	Source
http://www.securityfocus.com/bid/95011	Third Party Advisory
https://github.com/DonnchaC/ubuntu-apport-exploitation	Issue Tracking

URL	Date	SRC
https://www.exploit-db.com/exploits/40937	2024-08-06
https://donncha.is/2016/12/compromising-ubuntu-desktop	2024-08-06

URL	Date	SRC
https://bugs.launchpad.net/apport/+bug/1648806	2017-01-07

URL	Date	SRC
http://www.ubuntu.com/usn/USN-3157-1	2017-01-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apport Project Search vendor "Apport Project"		Apport Search vendor "Apport Project" for product "Apport"				<= 2.20.3 Search vendor "Apport Project" for product "Apport" and version " <= 2.20.3"		-		Affected