CVE-2015-1341 — Apport vulnerability

CWE-2647 documents7 sources

Severity

7.8HIGHNVD

CNA7.4

EPSS

0.1%

top 66.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ubuntu Apport Canonical Apport Apport Project Apport +1 more

Timeline

PublishedApr 22

Latest updateMay 24

Description

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5ubuntu/apportunspecified — 2.0.1-0ubuntu17.13+4

▶NVDcanonical/apport< 2.19.2

▶Ubuntuapport_project/apport< 2.14.1-0ubuntu3.18+1

Also affects: Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

GHSA

GHSA-gm79-rmm9-x7g9: Any Python module in sys↗2022-05-24

▶

CVEList

Apport privilege escalation through Python module imports↗2019-04-22

▶

OSV

CVE-2015-1341: Any Python module in sys↗2015-10-27

▶

📋Vendor Advisories

Ubuntu

Apport vulnerability↗2015-10-27

▶

Red Hat

webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26

▶

💬Community

Bugzilla

CVE-2014-1341 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27

▶