6.5

CVE-2016-9951

Exploit

EPSS 9.96%
Veröffentlicht 17.12.2016 03:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apport Project ≫ Apport Version <= 2.20.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.96%	0.922

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.securityfocus.com/bid/95011

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-3157-1

https://bugs.launchpad.net/apport/+bug/1648806

Patch

Issue Tracking

https://donncha.is/2016/12/compromising-ubuntu-desktop/

Third Party Advisory

Exploit

Technical Description

https://github.com/DonnchaC/ubuntu-apport-exploitation

Third Party Advisory

Issue Tracking

https://www.exploit-db.com/exploits/40937/

https://nvd.nist.gov/vuln/detail/CVE-2016-9951

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9951

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9951

EUVD