DonnchaC/ubuntu-apport-exploitation

DonnchaC/ubuntu-apport-exploitation

Releases0

Stars95

This project contains a PoC and exploit generator for a code execution bug in Ubuntu's Apport crash reporter

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2016-9949 ↗	Dec 17, 2016Saturday, 17 December 2016, 03:59	—	9.3 HIGH
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
CVE-2016-9950 ↗	Dec 17, 2016Saturday, 17 December 2016, 03:59	—	9.3 HIGH
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
CVE-2016-9951 ↗	Dec 17, 2016Saturday, 17 December 2016, 03:59	—	4.3 MEDIUM
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.