CVE-2016-9950

moderate-risk

Published 2016-12-17

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

Do I need to act?

0.73% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

40937

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (2)

Apport

Ubuntu Linux

Affected Vendors

Canonical Apport Project

References (12)

Third Party Advisory http://www.securityfocus.com/bid/95011

http://www.ubuntu.com/usn/USN-3157-1

Issue Tracking https://bugs.launchpad.net/apport/+bug/1648806

Exploit https://donncha.is/2016/12/compromising-ubuntu-desktop/

Issue Tracking https://github.com/DonnchaC/ubuntu-apport-exploitation

https://www.exploit-db.com/exploits/40937/

Third Party Advisory http://www.securityfocus.com/bid/95011

http://www.ubuntu.com/usn/USN-3157-1

Issue Tracking https://bugs.launchpad.net/apport/+bug/1648806

Exploit https://donncha.is/2016/12/compromising-ubuntu-desktop/

Issue Tracking https://github.com/DonnchaC/ubuntu-apport-exploitation

https://www.exploit-db.com/exploits/40937/

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 2/34 · Minimal

Exposure 7/34 · Low