CVE-2016-9950
Published 2016-12-17
Priority P348 · high · 7.8 (CVSS 3.0)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 6.55% (93.0th percentile)
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
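A defender-side check for the flaw described above, as an added example that is not Apport's code or its fix: it audits a crash report's Package and SourcePackage fields before any hook path is built from them. The `<name>.py` / `source_<name>.py` file-name patterns, the package-name allowlist and the sample reports are assumptions constructed for illustration.

```python
import posixpath
import re

HOOK_DIR = "/usr/share/apport/package-hooks"  # directory named in the advisory
# Assumption: conservative Debian-style package-name allowlist (no "/" allowed).
SAFE_NAME = re.compile(r"[a-z0-9][a-z0-9+.-]*")
# Assumption: the hook file name is "<prefix><name>.py" for each field.
HOOK_PREFIX = {"Package": "", "SourcePackage": "source_"}

def parse_fields(report_text):
    """Top-level 'Key: value' fields; indented continuation lines are skipped."""
    fields = {}
    for line in report_text.splitlines():
        if not line or line[0].isspace() or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def hook_path_is_contained(name, prefix):
    """True only if the resolved hook path sits directly inside HOOK_DIR."""
    candidate = posixpath.normpath(posixpath.join(HOOK_DIR, prefix + name + ".py"))
    return posixpath.dirname(candidate) == HOOK_DIR

def audit_report(report_text):
    """Return (field, value) pairs that must not be used to locate a hook."""
    findings = []
    fields = parse_fields(report_text)
    for field, prefix in HOOK_PREFIX.items():
        value = fields.get(field)
        if not value:
            continue
        name = value.split()[0]  # assumption: Package may be "name version"
        # Both checks are needed: "source_/../x" normalises back into HOOK_DIR.
        if not SAFE_NAME.fullmatch(name) or not hook_path_is_contained(name, prefix):
            findings.append((field, value))
    return findings

# Constructed sample reports (not taken from any real crash file).
BENIGN = "ProblemType: Crash\nPackage: bash 4.3-14ubuntu1\nSourcePackage: bash\n"
CRAFTED = ("ProblemType: Crash\n"
           "Package: ../../../../tmp/constructed 1.0\n"
           "SourcePackage: ../../../../tmp/constructed\n")

if __name__ == "__main__":
    for label, text in (("benign", BENIGN), ("crafted", CRAFTED)):
        print(label, audit_report(text))
```

A non-empty result means the report should be rejected or quarantined rather than passed to hook processing.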
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apport_project | apport | <= 2.20.3 | — |
| apport_project | apport | >= 0 < 2.14.1-0ubuntu3.23 | 2.14.1-0ubuntu3.23 |
| apport_project | apport | >= 0 < 2.20.1-0ubuntu2.4 | 2.20.1-0ubuntu2.4 |
| canonical | ubuntu_linux | <= 12.10 | — |
CVSS provenance
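| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |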
GHSA
GHSA-rgrg-wm7f-3pp8
ghsa_unreviewed·2022-05-17
CVE-2016-9950 [HIGH] CWE-22
OSV
CVE-2016-9950 [HIGH]
osv·2016-12-14·CVSS 7.8
OSV
apport vulnerabilities
osv·2016-12-14·CVSS 7.8
CVE-2016-9949 [HIGH]
Donncha O Cearbhaill discovered that the crash file parser in Apport
improperly treated the CrashDB field as Python code. An attacker could
use this to convince a user to open a maliciously crafted crash file
and execute arbitrary code with the privileges of that user. This issue
only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9949)
Donncha O Cearbhaill discovered that Apport did not properly sanitize the
Package and SourcePackage fields in crash files before processing package
specific hooks. An attacker could use this to convince a user to open a
maliciously crafted crash file and execute arbitrary code with the
privileges of that user. (CVE-2016-9950)
Donncha O Cearbhaill discovered that Apport would offer to restart an
application based on the c
Ubuntu
Apport vulnerabilities
vendor_ubuntu·2016-12-14·CVSS 7.8
CVE-2016-9949 [HIGH]
Summary: Apport could be made to run programs as your login if it opened a
specially crafted file.
http://www.securityfocus.com/bid/95011
http://www.ubuntu.com/usn/USN-3157-1
https://bugs.launchpad.net/apport/+bug/1648806
https://donncha.is/2016/12/compromising-ubuntu-desktop/
https://github.com/DonnchaC/ubuntu-apport-exploitation
https://www.exploit-db.com/exploits/40937/