CVE-2017-14177
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
Apport, hasta la versión 2.20.7, no gestiona adecuadamente lo volcados de núcleo de binarios setuid, lo que permite que los usuarios locales creen ciertos archivos como root. Un atacante podría aprovechar estos archivos para realizar una denegación de servicio (DoS) mediante el agotamiento de recursos o, posiblemente, obtener privilegios root. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-1324.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-09-07 CVE Reserved
- 2017-11-16 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171 | Issue Tracking | |
https://launchpad.net/bugs/1726372 | Issue Tracking | |
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/usn/usn-3480-1 | 2018-02-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apport Project Search vendor "Apport Project" | Apport Search vendor "Apport Project" for product "Apport" | <= 2.20.7 Search vendor "Apport Project" for product "Apport" and version " <= 2.20.7" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.04" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
|