CVE-2016-9950
Published: 14 December 2016
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
From the Ubuntu security team
Donncha O Cearbhaill discovered that Apport did not properly sanitize the Package and SourcePackage fields in crash files before processing package specific hooks. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user.
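The path-building flaw described above, next to a stricter check, as an added Python illustration (not Apport's own code and not its actual fix). The `.py` suffix, the "name version" field layout, the allow-list pattern and the function names are assumptions made for the example.

```python
import os
import re

# Hook directory named in the advisory text.
HOOK_DIR = "/usr/share/apport/package-hooks"

# Assumption: package names are lowercase alphanumerics plus '+', '-', '.',
# starting with an alphanumeric. No '/' and no leading '.' can match.
PKG_NAME = re.compile(r"[a-z0-9][a-z0-9+.\-]*")


def hook_path_unsafe(field, hook_dir=HOOK_DIR):
    """The flawed pattern: the crash-file field is joined into the path as-is."""
    return os.path.join(hook_dir, field + ".py")


def hook_path_checked(field, hook_dir=HOOK_DIR):
    """Return the hook path for a Package/SourcePackage field, or None if rejected."""
    # Assumption: the field may read "name version"; only the name is used.
    parts = field.split()
    if not parts or not PKG_NAME.fullmatch(parts[0]):
        return None
    base = os.path.realpath(hook_dir)
    candidate = os.path.realpath(os.path.join(base, parts[0] + ".py"))
    # Defence in depth: after resolving symlinks the file must still sit
    # inside the hook directory.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


# Constructed sample field values, not taken from a real crash file.
SAMPLE_FIELDS = ["bash 4.3-14ubuntu1", "../../../../tmp/example", "/tmp/example", ""]

if __name__ == "__main__":
    for value in SAMPLE_FIELDS:
        unsafe = os.path.normpath(hook_path_unsafe(value))
        print(repr(value), "unsafe ->", unsafe, "| checked ->", hook_path_checked(value))
```

A crash file is untrusted input, so the field is validated before any path is built; the containment check afterwards catches symlinked hook files that a name check alone would miss.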
CVSS 3 base score: 7.8
Status
Package | Release | Status |
---|---|---|
apport (Launchpad, Ubuntu, Debian) | precise | Does not exist (precise was released [2.0.1-0ubuntu17.15]) |
apport | trusty | Released (2.14.1-0ubuntu3.23) |
apport | upstream | Needs triage |
apport | xenial | Released (2.20.1-0ubuntu2.4) |
apport | yakkety | Released (2.20.3-0ubuntu8.2) |
apport | zesty | Not vulnerable (2.20.4-0ubuntu1) |