CVE-2016-9951

MEDIUM

Apport < 2.20.3 - Unauthenticated Command Execution via Malicious Crash File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-9951. PoCs published by Donncha OCearbhaill.

AI-analyzed exploit summary This is a writeup discussing multiple vulnerabilities in Apport, including CVE-2016-9951, which allows arbitrary command execution via the 'Relaunch' action. The text provides context, links to fixes, and encourages responsible disclosure.

Description

An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.

Exploits (1)

exploitdb WRITEUP

by Donncha OCearbhaill · textlocallinux

https://www.exploit-db.com/exploits/40937

View Code ZIP pw:eip

This is a writeup discussing multiple vulnerabilities in Apport, including CVE-2016-9951, which allows arbitrary command execution via the 'Relaunch' action. The text provides context, links to fixes, and encourages responsible disclosure.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Apport (Ubuntu)

No auth needed

Prerequisites: Access to a vulnerable Apport instance

MITRE ATT&CK