CVE-2016-9951
Published 2016-12-17
Priority: P3 · 43 · medium · 6.5 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EXPLOIT
EPSS: 6.67% (93.1th percentile)
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apport_project | apport | <= 2.20.3 | — |
| apport_project | apport | >= 0 < 2.14.1-0ubuntu3.23 | 2.14.1-0ubuntu3.23 |
| apport_project | apport | >= 0 < 2.20.1-0ubuntu2.4 | 2.20.1-0ubuntu2.4 |
CVSS provenance
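| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 7.8 | HIGH | |
| vendor_redhat | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 7.8 | HIGH | |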
GHSA
GHSA-666r-6mfg-455c: An issue was discovered in Apport before 2
ghsa_unreviewed·2022-05-17
CVE-2016-9951 [MEDIUM] CWE-284 GHSA-666r-6mfg-455c: An issue was discovered in Apport before 2
OSV
CVE-2016-9951: An issue was discovered in Apport before 2
osv·2016-12-14·CVSS 6.5
CVE-2016-9951 [MEDIUM] CVE-2016-9951: An issue was discovered in Apport before 2
OSV
apport vulnerabilities
osv·2016-12-14·CVSS 7.8
CVE-2016-9949 [HIGH] apport vulnerabilities
apport vulnerabilities
Donncha O Cearbhaill discovered that the crash file parser in Apport
improperly treated the CrashDB field as python code. An attacker could
use this to convince a user to open a maliciously crafted crash file
and execute arbitrary code with the privileges of that user. This issue
only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9949)
Donncha O Cearbhaill discovered that Apport did not properly sanitize the
Package and SourcePackage fields in crash files before processing package
specific hooks. An attacker could use this to convince a user to open a
maliciously crafted crash file and execute arbitrary code with the
privileges of that user. (CVE-2016-9950)
Donncha O Cearbhaill discovered that Apport would offer to restart an
application based on the c
Red Hat
memcached: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705)
vendor_redhat·2017-07-17·CVSS 9.8
CVE-2017-9951 [CRITICAL] CWE-119 memcached: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705)
memcached: Heap-based buffer over-read in try_read_command function (incomplete fix for CVE-2016-8705)
The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-based buffer over-read. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8705.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Mitigation: This flaw is in the memcached bi
Ubuntu
Apport vulnerabilities
vendor_ubuntu·2016-12-14·CVSS 7.8
CVE-2016-9949 [HIGH] Apport vulnerabilities
Title: Apport vulnerabilities
Summary: Apport could be made to run programs as your login if it opened a
specially crafted file.
No detection rules found.
References
http://www.securityfocus.com/bid/95011
http://www.ubuntu.com/usn/USN-3157-1
https://bugs.launchpad.net/apport/+bug/1648806
https://donncha.is/2016/12/compromising-ubuntu-desktop/
https://github.com/DonnchaC/ubuntu-apport-exploitation
https://www.exploit-db.com/exploits/40937/