6.5

CVE-2016-9951

Exploit

EPSS 9.96%
Published 17.12.2016 03:59:00
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Apport Project ≫ Apport Version <= 2.20.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	9.96%	0.922

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.securityfocus.com/bid/95011

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/USN-3157-1

https://bugs.launchpad.net/apport/+bug/1648806

Patch

Issue Tracking

https://donncha.is/2016/12/compromising-ubuntu-desktop/

Third Party Advisory

Exploit

Technical Description

https://github.com/DonnchaC/ubuntu-apport-exploitation

Third Party Advisory

Issue Tracking

https://www.exploit-db.com/exploits/40937/

https://nvd.nist.gov/vuln/detail/CVE-2016-9951

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-9951

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-9951

EUVD