Apport version 2.x on Ubuntu Desktop versions 12.10 up to 16.04 local code execution exploit.
58f056541314215738fc565a181c0095886482addab3394cc2cc59a0b2938a0fUbuntu Security Notice 3157-1 - Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Donncha O Cearbhaill discovered that Apport did not properly sanitize the Package and SourcePackage fields in crash files before processing package specific hooks. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. Various other issues were also addressed.
a6a736e2e12ac1c6250ab44dd7b1b96530916ecd5f2b440dec573008e9c757d8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed