CVE-2016-9950

Published: 14 December 2016

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

From the Ubuntu security team

Donncha O Cearbhaill discovered that Apport did not properly sanitize the Package and SourcePackage fields in crash files before processing package specific hooks. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user.

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
apport Launchpad, Ubuntu, Debian	Upstream	Needs triage





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (2.20.1-0ubuntu2.4)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2.14.1-0ubuntu3.23)

References

Bugs

https://bugs.launchpad.net/bugs/1648806

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›