CVE-2015-1318

Apport <2.17.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2015-1318. PoCs published by Metasploit, Ricardo F. Teixeira, ScottyBauer, including Metasploit module exploits/linux/local/apport_abrt_chroot_priv_esc.

AI-analyzed exploit summary This Metasploit module exploits CVE-2015-1318, a privilege escalation vulnerability in Apport (Ubuntu) and ABRT (Fedora) due to improper handling of chroot environments in crash handlers. It uploads and executes a precompiled exploit (newpid) to gain root privileges and then executes a payload.

Description

The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocallinux
https://www.exploit-db.com/exploits/43971

This Metasploit module exploits CVE-2015-1318, a privilege escalation vulnerability in Apport (Ubuntu) and ABRT (Fedora) due to improper handling of chroot environments in crash handlers. It uploads and executes a precompiled exploit (newpid) to gain root privileges and then executes a payload.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Apport (2.13-2.17.x) on Ubuntu, ABRT on Fedora
No auth needed
Prerequisites: Linux kernel >= 3.12 · Apport or ABRT configured as crash handler · Write access to a directory (e.g., /tmp)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Ricardo F. Teixeira · bashlocallinux
https://www.exploit-db.com/exploits/36782

This exploit leverages a vulnerability in Apport (CVE-2015-1318) to achieve local privilege escalation by manipulating the mount namespace and pivot_root to gain root access. It uses LXC tools to create an isolated environment and copies a SUID root shell to /tmp/pwned.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Apport 2.14.1-0ubuntu3.8 on Ubuntu 14.04.2 LTS
Auth required
Prerequisites: Local user access · Apport installed · LXC tools available
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 4 stars
by ScottyBauer · poc
https://github.com/ScottyBauer/CVE-2015-1318

This exploit leverages CVE-2015-1318, a vulnerability in Apport's handling of crashes in user namespaces, to achieve local privilege escalation (LPE) by manipulating directory structures and hardlinks to execute arbitrary code as root.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Apport (Ubuntu)
Auth required
Prerequisites: Local user access · Kernel version > 3.8 · Apport installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
clocallinux
https://www.exploit-db.com/exploits/36746

This exploit leverages a vulnerability in Apport/Abrt (CVE-2015-1318) by creating a chroot environment with hard links to the exploit binary, then triggering a core dump to execute the binary with elevated privileges. It uses namespace isolation (CLONE_NEWPID | CLONE_NEWUSER) to bypass security checks.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Apport (Ubuntu) / Abrt (Fedora)
No auth needed
Prerequisites: Static compilation of the exploit · Execution in an environment with Apport/Abrt installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by Stéphane Graber, Tavis Ormandy, Ricardo F. Teixeira, bcoles · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/apport_abrt_chroot_priv_esc.rb

This Metasploit module exploits a privilege escalation vulnerability in Apport (CVE-2015-1318) by leveraging a chroot-based coredump handler to execute arbitrary code as root. It uploads and executes a precompiled exploit binary to achieve local privilege escalation on vulnerable Ubuntu or Fedora systems.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Apport (2.13 through 2.17.x before 2.17.1) and ABRT (Fedora 19/20)
No auth needed
Prerequisites: Unprivileged user namespace access · Vulnerable Apport/ABRT configuration · Write access to a directory (default: /tmp)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Patch x_refsource_confirm
https://launchpad.net/apport/trunk/2.17.1
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/120803
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/36782/
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2569-1
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43971/

Scores

EPSS 0.1907
EPSS Percentile 95.5%

Details

CWE
CWE-264
Status published
Products (18)
apport_project/apport 2.13
apport_project/apport 2.13.1
apport_project/apport 2.13.2
apport_project/apport 2.13.3
apport_project/apport 2.14
apport_project/apport 2.14.1
apport_project/apport 2.14.2
apport_project/apport 2.14.3
apport_project/apport 2.14.4
apport_project/apport 2.14.5
... and 8 more
Published Apr 17, 2015
Tracked Since Feb 18, 2026