6.6 Medium
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
15.1%
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html
seclists.org/fulldisclosure/2015/Sep/101
www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/
www.ubuntu.com/usn/USN-2744-1
bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570
launchpad.net/apport/trunk/2.19
www.exploit-db.com/exploits/38353/