Vulnerability Details : CVE-2016-9951
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
Vulnerability category: BypassGain privilege
Products affected by CVE-2016-9951
- cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9951
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9951
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
CWE ids for CVE-2016-9951
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9951
-
http://www.ubuntu.com/usn/USN-3157-1
USN-3157-1: Apport vulnerabilities | Ubuntu security notices
-
https://www.exploit-db.com/exploits/40937/
Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
-
https://bugs.launchpad.net/apport/+bug/1648806
Bug #1648806 “Arbitrary code execution through crafted CrashDB o...” : Bugs : ApportIssue Tracking;Patch
-
http://www.securityfocus.com/bid/95011
Apport Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://donncha.is/2016/12/compromising-ubuntu-desktop/
Reliably compromising Ubuntu desktops by attacking the crash reporter | Donncha O'CearbhaillExploit;Technical Description;Third Party Advisory
-
https://github.com/DonnchaC/ubuntu-apport-exploitation
GitHub - DonnchaC/ubuntu-apport-exploitation: This project contains a PoC and exploit generator for a code execution bug in Ubuntu's Apport crash reporterIssue Tracking;Third Party Advisory
Jump to