AI Score
Confidence
High
EPSS
Percentile
78.0%
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a β{β. This allows remote attackers to execute arbitrary Python code.
www.securityfocus.com/bid/95011
www.ubuntu.com/usn/USN-3157-1
bugs.launchpad.net/apport/+bug/1648806
donncha.is/2016/12/compromising-ubuntu-desktop/
github.com/DonnchaC/ubuntu-apport-exploitation
www.exploit-db.com/exploits/40937/