CVE-2016-9949

Published: 14 December 2016

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

From the Ubuntu security team

Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as Python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user.
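
The flaw described above, a CrashDB field evaluated as Python when it begins with "{", is shown here next to a literal-only parser. This is an added example, not Apport's code or its actual patch; the function names, the sample field values and the choice of ast.literal_eval as the hardening are assumptions made for illustration.

```python
import ast

# Constructed sample CrashDB field values (not taken from a real crash file).
NAME_FIELD = "ubuntu"
LITERAL_FIELD = "{'impl': 'memory', 'sample_option': None}"
# Begins with "{" but contains a call expression; len() is a harmless stand-in
# for whatever expression a crafted crash file could carry.
CALL_FIELD = "{'impl': 'memory', 'marker': len('abc')}"


def legacy_parse(value):
    """The flawed pattern: a field that starts with "{" is evaluated as Python."""
    if value.startswith("{"):
        return eval(value, {}, {})  # executes any expression in the field
    return value


def safe_parse(value):
    """Accept a database name or a dict of plain literals; never run code."""
    value = value.strip()
    if not value.startswith("{"):
        return value
    try:
        spec = ast.literal_eval(value)  # literals only: no calls, names or attributes
    except (ValueError, SyntaxError, MemoryError, RecursionError) as exc:
        raise ValueError("CrashDB field is not a plain literal") from exc
    if not isinstance(spec, dict):  # "{1, 2}" is a set literal, not a spec
        raise ValueError("CrashDB field must be a dict")
    for key, val in spec.items():
        if not isinstance(key, str) or not isinstance(val, (str, int, bool, type(None))):
            raise ValueError("CrashDB spec may only hold string keys and scalar values")
    return spec


if __name__ == "__main__":
    print(legacy_parse(CALL_FIELD))  # the call ran while the field was parsed
    print(safe_parse(NAME_FIELD))
    print(safe_parse(LITERAL_FIELD))
    try:
        safe_parse(CALL_FIELD)
    except ValueError as err:
        print("rejected:", err)
```
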

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: apport (Launchpad, Ubuntu, Debian)

Release | Status
Upstream | Needs triage
Ubuntu 16.04 LTS (Xenial Xerus) | Released (2.20.1-0ubuntu2.4)
Ubuntu 14.04 ESM (Trusty Tahr) | Released (2.14.1-0ubuntu3.23)