Description
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
Exploits (1)
References (6)
Core 6
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/DonnchaC/ubuntu-apport-exploitation
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://donncha.is/2016/12/compromising-ubuntu-desktop/
Issue Tracking, Patch x_refsource_misc
https://bugs.launchpad.net/apport/+bug/1648806
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95011
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3157-1
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/40937/
Scores
CVSS v3
6.5
EPSS
0.0794
EPSS Percentile
92.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-284
Status
published
Products (1)
apport_project/apport
< 2.20.3
Published
Dec 17, 2016
Tracked Since
Feb 18, 2026