CVE-2016-9950

Published: 14 December 2016

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package-specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
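The flaw described above comes down to joining a field from an untrusted crash file into a filesystem path. The following is an added example, not Apport's code and not the upstream fix, showing that unchecked join beside a validated one; the function names, the "name version" field layout, and the package-name pattern are assumptions.

```python
import os
import re

# Hook directory named in the advisory. All function names here are hypothetical.
HOOK_DIR = "/usr/share/apport/package-hooks"

# Assumption: Debian-style package names (lowercase alphanumerics plus '+', '-', '.').
PKG_NAME = re.compile(r"[a-z0-9][a-z0-9+.-]+")


def unsafe_hook_path(field_value, hook_dir=HOOK_DIR):
    """The pattern the advisory describes: the raw field value goes into the path."""
    # Assumption: the field holds "name version"; only the first token is used.
    return os.path.join(hook_dir, field_value.split()[0] + ".py")


def safe_hook_path(field_value, hook_dir=HOOK_DIR):
    """Return the hook path for a field value, or None if the value is rejected."""
    tokens = field_value.split()
    if not tokens or not PKG_NAME.fullmatch(tokens[0]):
        return None  # empty, or contains '/', a leading '.', or other odd characters
    base = os.path.realpath(hook_dir)
    candidate = os.path.realpath(os.path.join(base, tokens[0] + ".py"))
    # Defence in depth: after resolving symlinks the path must stay under hook_dir.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def hook_paths_for_report(report, hook_dir=HOOK_DIR):
    """Check both fields named in the advisory; None marks a rejected value."""
    return {key: safe_hook_path(report[key], hook_dir)
            for key in ("Package", "SourcePackage") if key in report}


# Constructed sample reports (not taken from a real crash file).
GOOD_REPORT = {"Package": "bash 4.3-14ubuntu1", "SourcePackage": "bash"}
BAD_REPORT = {"Package": "../../elsewhere/hook 1.0", "SourcePackage": "bash"}

if __name__ == "__main__":
    for report in (GOOD_REPORT, BAD_REPORT):
        print(hook_paths_for_report(report))
    # The unchecked join leaves the hook directory once the path is normalised.
    print(os.path.normpath(unsafe_hook_path(BAD_REPORT["Package"])))
```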

From the Ubuntu security team

Donncha O Cearbhaill discovered that Apport did not properly sanitize the Package and SourcePackage fields in crash files before processing package-specific hooks. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: apport (Launchpad, Ubuntu, Debian)

Release                          Status
Upstream                         Needs triage
Ubuntu 16.04 ESM (Xenial Xerus)  Released (2.20.1-0ubuntu2.4)
Ubuntu 14.04 ESM (Trusty Tahr)   Released (2.14.1-0ubuntu3.23)