cbcvebase.
CVE-2015-1324
published 2017-08-25

CVE-2015-1324: Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in…

PriorityP340high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
0.36%
27.4th percentile
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.

Affected

12 ranges
VendorProductVersion rangeFixed in
apport_projectapport<= 2.20.7
apport_projectapport>= 0 < 2.14.1-0ubuntu3.112.14.1-0ubuntu3.11
apport_projectapport>= 0 < 2.14.1-0ubuntu3.272.14.1-0ubuntu3.27
apport_projectapport>= 0 < 2.20.1-0ubuntu2.122.20.1-0ubuntu2.12
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.8HIGH
vendor_ubuntu7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.