CVE-2016-9951

MEDIUM

Apport < 2.20.3 - Improper Access Control

Title source: rule

Description

An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.

Exploits (1)

exploitdb WRITEUP

by Donncha OCearbhaill · textlocallinux

https://www.exploit-db.com/exploits/40937

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/95011

[Vendor Advisory] http://www.ubuntu.com/usn/USN-3157-1

[Issue Tracking, Patch] https://bugs.launchpad.net/apport/+bug/1648806

[Exploit, Technical Description, Third Party Advisory] https://donncha.is/2016/12/compromising-ubuntu-desktop/

[Issue Tracking, Third Party Advisory] https://github.com/DonnchaC/ubuntu-apport-exploitation

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/40937/

Scores

CVSS v3 6.5

EPSS 0.0794

EPSS Percentile 91.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-284

Status published

Affected Products (2)

apport_project/apport < 2.20.3

n/a/n/a

Timeline

Published Dec 17, 2016

Tracked Since Feb 18, 2026