CVE-2016-9949
Published: 14 December 2016
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
From the Ubuntu security team
Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user.
Priority
CVSS 3 base score: 7.8
Notes
Author | Note |
---|---|
sbeattie | precise not affected |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9949
- https://donncha.is/2016/12/compromising-ubuntu-desktop/
- https://ubuntu.com/security/notices/USN-3157-1
- NVD
- Launchpad
- Debian