PT-2015-3304 · Canonical · Apport+1
Sander Bos
·
Published
2015-05-21
·
Updated
2017-08-30
·
CVE-2015-1324
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apport versions prior to 2.17.2-0ubuntu1.1
Apport versions prior to 2.14.70ubuntu8.5
Apport versions prior to 2.14.1-0ubuntu3.11
Apport versions prior to 2.0.1-0ubuntu17.9
Description
The issue is related to insufficient access control in the Apport service of the Ubuntu operating system. It can be exploited by a local attacker to gain root privileges and modify arbitrary files due to incorrect handling of permissions when creating core dumps for setuid binaries.
Recommendations
For Apport version prior to 2.17.2-0ubuntu1.1, update to version 2.17.2-0ubuntu1.1 or later.
For Apport version prior to 2.14.70ubuntu8.5, update to version 2.14.70ubuntu8.5 or later.
For Apport version prior to 2.14.1-0ubuntu3.11, update to version 2.14.1-0ubuntu3.11 or later.
For Apport version prior to 2.0.1-0ubuntu17.9, update to version 2.0.1-0ubuntu17.9 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apport
Ubuntu