Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1318

CWE-2648 documents6 sources

Severity

7.2HIGH

EPSS

19.1%

top 4.66%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apport Project Apport

Timeline

PublishedApr 17

Latest updateMay 14

Description

The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶Ubuntuapport< 2.14.1-0ubuntu3.9

▶NVDapport_project/apport18 versions+17

Patches

Patch: launchpad.net ↗Patch: launchpad.net ↗

🔴Vulnerability Details

GHSA

GHSA-cpww-w9jx-qp3p: The crash reporting feature in Apport 2↗2022-05-14

▶

CVEList

CVE-2015-1318: The crash reporting feature in Apport 2↗2015-04-17

▶

OSV

CVE-2015-1318: The crash reporting feature in Apport 2↗2015-04-14

▶

💥Exploits & PoCs

Exploit-DB

Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit)↗2018-02-05

▶

Exploit-DB

Apport 2.14.1 (Ubuntu 14.04.2) - Local Privilege Escalation↗2015-04-17

▶

Exploit-DB

Apport/Abrt (Ubuntu / Fedora) - Local Privilege Escalation↗2015-04-14

▶

📋Vendor Advisories

Ubuntu

Apport vulnerability↗2015-04-14

▶