PT-2015-3304 · Canonical · Apport+1
Sander Bos
·
Publicado
2015-05-21
·
Atualizado
2017-08-30
·
CVE-2015-1324
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apport versions prior to 2.17.2-0ubuntu1.1
Apport versions prior to 2.14.70ubuntu8.5
Apport versions prior to 2.14.1-0ubuntu3.11
Apport versions prior to 2.0.1-0ubuntu17.9
Description
The issue is related to insufficient access control in the Apport service of the Ubuntu operating system. It can be exploited by a local attacker to gain root privileges and modify arbitrary files due to incorrect handling of permissions when creating core dumps for setuid binaries.
Recommendations
For Apport version prior to 2.17.2-0ubuntu1.1, update to version 2.17.2-0ubuntu1.1 or later.
For Apport version prior to 2.14.70ubuntu8.5, update to version 2.14.70ubuntu8.5 or later.
For Apport version prior to 2.14.1-0ubuntu3.11, update to version 2.14.1-0ubuntu3.11 or later.
For Apport version prior to 2.0.1-0ubuntu17.9, update to version 2.0.1-0ubuntu17.9 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Apport
Ubuntu