CVE-2016-9949

moderate-risk

Published 2016-12-17

An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.

Do I need to act?

9.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

40937

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (2)

Apport

Ubuntu Linux

Affected Vendors

Canonical Apport Project

References (12)

Third Party Advisory http://www.securityfocus.com/bid/95011

http://www.ubuntu.com/usn/USN-3157-1

Issue Tracking https://bugs.launchpad.net/apport/+bug/1648806

Exploit https://donncha.is/2016/12/compromising-ubuntu-desktop/

Issue Tracking https://github.com/DonnchaC/ubuntu-apport-exploitation

https://www.exploit-db.com/exploits/40937/

Third Party Advisory http://www.securityfocus.com/bid/95011

http://www.ubuntu.com/usn/USN-3157-1

Issue Tracking https://bugs.launchpad.net/apport/+bug/1648806

Exploit https://donncha.is/2016/12/compromising-ubuntu-desktop/

Issue Tracking https://github.com/DonnchaC/ubuntu-apport-exploitation

https://www.exploit-db.com/exploits/40937/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 11/34 · Low

Exposure 7/34 · Low