Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-1338

CWE-598 documents8 sources

Severity

7.2HIGH

EPSS

0.4%

top 40.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apport Project Apport Canonical Ubuntu Linux

Timeline

PublishedOct 1

Latest updateMay 17

Description

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶Ubuntuapport< 2.14.1-0ubuntu3.15

▶NVDapport_project/apport2.18.1

Also affects: Ubuntu Linux 12.04, 14.04, 15.04

Patches

Patch: launchpad.net ↗Patch: launchpad.net ↗

🔴Vulnerability Details

GHSA

GHSA-77gx-3rjc-296q: kernel_crashdump in Apport before 2↗2022-05-17

▶

CVEList

CVE-2015-1338: kernel_crashdump in Apport before 2↗2015-10-01

▶

OSV

CVE-2015-1338: kernel_crashdump in Apport before 2↗2015-09-24

▶

💥Exploits & PoCs

Exploit-DB

Apport 2.19 (Ubuntu 15.04) - Local Privilege Escalation↗2015-09-29

▶

📋Vendor Advisories

Ubuntu

Apport vulnerability↗2015-09-24

▶

Red Hat

webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26

▶

💬Community

Bugzilla

CVE-2014-1338 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27

▶