CVE-2015-1325
published 2017-08-25CVE-2015-1325: Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11…
PriorityP342high7CVSS 3.0
AVLACHPRLUINSUCHIHAH
EXPLOIT
EPSS
0.91%
55.4th percentile
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apport_project | apport | >= 0 < 2.14.1-0ubuntu3.11 | 2.14.1-0ubuntu3.11 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
CVSS provenance
nvdv3.07.0HIGHCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv7.8HIGH
vendor_ubuntu7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Apport vulnerabilities
vendor_ubuntu·2015-05-21·CVSS 7.8
CVE-2015-1324 [HIGH] Apport vulnerabilities
Title: Apport vulnerabilities
Summary: Apport could be tricked into creating arbitrary files as an administrator,
resulting in privilege escalation.
Sander Bos discovered that Apport incorrectly handled permissions when
the system was configured to generate core dumps for setuid binaries. A
local attacker could use this issue to gain elevated privileges.
(CVE-2015-1324)
Philip Pettersson discovered that Apport contained race conditions
resulting core dumps to be generated with incorrect permissions in
arbitrary locations. A local attacker could use this issue to gain elevated
privileges. (CVE-2015-1325)
Instructions: In general, a standard system update will make all the necessary changes.
GHSA
GHSA-jwpx-wh9c-729p: Race condition in Apport before 2
ghsa_unreviewed·2022-05-17
CVE-2015-1325 [HIGH] CWE-362 GHSA-jwpx-wh9c-729p: Race condition in Apport before 2
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.
OSV
CVE-2015-1325: Race condition in Apport before 2
osv·2015-05-21·CVSS 7.0
CVE-2015-1325 [HIGH] CVE-2015-1325: Race condition in Apport before 2
Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges.
OSV
apport vulnerabilities
osv·2015-05-21·CVSS 7.8
CVE-2015-1324 [HIGH] apport vulnerabilities
apport vulnerabilities
Sander Bos discovered that Apport incorrectly handled permissions when
the system was configured to generate core dumps for setuid binaries. A
local attacker could use this issue to gain elevated privileges.
(CVE-2015-1324)
Philip Pettersson discovered that Apport contained race conditions
resulting core dumps to be generated with incorrect permissions in
arbitrary locations. A local attacker could use this issue to gain elevated
privileges. (CVE-2015-1325)
No detection rules found.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2015/05/21/10http://www.securityfocus.com/bid/74769http://www.ubuntu.com/usn/USN-2609-1https://www.exploit-db.com/exploits/37088/http://seclists.org/fulldisclosure/2025/Jun/9http://www.openwall.com/lists/oss-security/2015/05/21/10http://www.securityfocus.com/bid/74769http://www.ubuntu.com/usn/USN-2609-1https://www.exploit-db.com/exploits/37088/
2017-08-25
Published