cpe:2.3:a:apport_project:apport:2.13.3:*:*:*:*:*:*:*
Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179.
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-02-02
Updated
2018-02-15
Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
Source: Canonical Ltd.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-02-02
Updated
2018-02-15
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.
Source: MITRE
Max CVSS
7.8
EPSS Score
0.56%
Published
2017-07-18
Updated
2017-08-07
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.14%
Published
2016-12-17
Updated
2017-01-07
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
Source: MITRE
Max CVSS
9.3
EPSS Score
0.13%
Published
2016-12-17
Updated
2017-01-07
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
Source: MITRE
Max CVSS
9.3
EPSS Score
0.57%
Published
2016-12-17
Updated
2017-01-07
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
Source: Canonical Ltd.
Max CVSS
7.2
EPSS Score
0.05%
Published
2015-10-01
Updated
2015-10-02

CVE-2015-1318

Public exploit
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
Source: Canonical Ltd.
Max CVSS
7.2
EPSS Score
0.06%
Published
2015-04-17
Updated
2018-02-08
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!