CVE-2016-9949

Published: 14 December 2016

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

From the Ubuntu security team

Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
apport Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (2.20.1-0ubuntu2.4)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2.14.1-0ubuntu3.23)

Notes

Author	Note
sbeattie	precise not affected

References

Bugs

https://bugs.launchpad.net/bugs/1648806

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›