Vulnerability Details : CVE-2015-1318
Public exploit exists!
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
Products affected by CVE-2015-1318
- cpe:2.3:a:apport_project:apport:2.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.14.6:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.14.7:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:apport_project:apport:2.17:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1318
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2015-1318
-
Apport / ABRT chroot Privilege Escalation
Disclosure Date: 2015-03-31First seen: 2020-04-26exploit/linux/local/apport_abrt_chroot_priv_escThis module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace ("container"). Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to
CVSS scores for CVE-2015-1318
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2015-1318
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1318
-
https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758
Bug #1438758 “User to root privilege escalation (ab)using the cr...” : Bugs : apport package : Ubuntu
-
https://www.exploit-db.com/exploits/43971/
Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit)
-
http://www.ubuntu.com/usn/USN-2569-1
USN-2569-1: Apport vulnerability | Ubuntu security notices
-
https://launchpad.net/apport/trunk/2.17.1
2.17.1 : Series trunk : ApportPatch
-
https://www.exploit-db.com/exploits/36782/
Apport 2.14.1 (Ubuntu 14.04.2) - Local Privilege EscalationExploit
Jump to