Vulnerability Details : CVE-2015-1338
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
Vulnerability category: Denial of service
Products affected by CVE-2015-1338
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1338
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 13 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1338
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2015-1338
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1338
-
http://www.ubuntu.com/usn/USN-2744-1
USN-2744-1: Apport vulnerability | Ubuntu security notices
-
https://launchpad.net/apport/trunk/2.19
2.19 : Series trunk : ApportPatch
-
https://www.exploit-db.com/exploits/38353/
Apport 2.19 (Ubuntu 15.04) - Local Privilege EscalationExploit
-
http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html
Ubuntu Apport kernel_crashdump Symlink ≈ Packet StormExploit
-
http://seclists.org/fulldisclosure/2015/Sep/101
Full Disclosure: Apport kernel_crashdump symlink vulnerability exploitation
-
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570
Bug #1492570 “/usr/share/apport/kernel_crashdump accesses files ...” : Bugs : apport package : Ubuntu
-
http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/
Apport Kernel Crashdump File Access VulnerabilitiesExploit
Jump to