Lucene search
Copyright (C) 2016 Greenbone AGOPENVAS:1361412562310842993HistoryDec 15, 2016 - 12:00 a.m.
Ubuntu: Security Advisory (USN-3157-1)
2016-12-1500:00:00
Copyright (C) 2016 Greenbone AG
plugins.openvas.org
10
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
78.0%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.842993");
script_cve_id("CVE-2016-9949", "CVE-2016-9950", "CVE-2016-9951");
script_tag(name:"creation_date", value:"2016-12-15 05:03:53 +0000 (Thu, 15 Dec 2016)");
script_version("2024-02-02T05:06:06+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:06 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2016-12-19 18:29:17 +0000 (Mon, 19 Dec 2016)");
script_name("Ubuntu: Security Advisory (USN-3157-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(12\.04\ LTS|14\.04\ LTS|16\.04\ LTS|16\.10)");
script_xref(name:"Advisory-ID", value:"USN-3157-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-3157-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'apport' package(s) announced via the USN-3157-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Donncha O Cearbhaill discovered that the crash file parser in Apport
improperly treated the CrashDB field as python code. An attacker could
use this to convince a user to open a maliciously crafted crash file
and execute arbitrary code with the privileges of that user. This issue
only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9949)
Donncha O Cearbhaill discovered that Apport did not properly sanitize the
Package and SourcePackage fields in crash files before processing package
specific hooks. An attacker could use this to convince a user to open a
maliciously crafted crash file and execute arbitrary code with the
privileges of that user. (CVE-2016-9950)
Donncha O Cearbhaill discovered that Apport would offer to restart an
application based on the contents of the RespawnCommand or ProcCmdline
fields in a crash file. An attacker could use this to convince a user to
open a maliciously crafted crash file and execute arbitrary code with the
privileges of that user. (CVE-2016-9951)");
script_tag(name:"affected", value:"'apport' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 16.04, Ubuntu 16.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU12.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"apport", ver:"2.0.1-0ubuntu17.15", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apport-gtk", ver:"2.0.1-0ubuntu17.15", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apport-kde", ver:"2.0.1-0ubuntu17.15", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python-apport", ver:"2.0.1-0ubuntu17.15", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU14.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"apport", ver:"2.14.1-0ubuntu3.23", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apport-gtk", ver:"2.14.1-0ubuntu3.23", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apport-kde", ver:"2.14.1-0ubuntu3.23", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python-apport", ver:"2.14.1-0ubuntu3.23", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python3-apport", ver:"2.14.1-0ubuntu3.23", rls:"UBUNTU14.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU16.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"apport", ver:"2.20.1-0ubuntu2.4", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apport-gtk", ver:"2.20.1-0ubuntu2.4", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apport-kde", ver:"2.20.1-0ubuntu2.4", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python-apport", ver:"2.20.1-0ubuntu2.4", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python3-apport", ver:"2.20.1-0ubuntu2.4", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU16.10") {
if(!isnull(res = isdpkgvuln(pkg:"apport", ver:"2.20.3-0ubuntu8.2", rls:"UBUNTU16.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apport-gtk", ver:"2.20.3-0ubuntu8.2", rls:"UBUNTU16.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"apport-kde", ver:"2.20.3-0ubuntu8.2", rls:"UBUNTU16.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python-apport", ver:"2.20.3-0ubuntu8.2", rls:"UBUNTU16.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"python3-apport", ver:"2.20.3-0ubuntu8.2", rls:"UBUNTU16.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
ubuntu
ubuntu
Apport vulnerabilities
2016-12-14 00:00:00
zdt
zdt
Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution Exploit
2016-12-19 00:00:00
seebug
seebug
Ubuntu Apport < 2.20.4 Code Execution on Ubuntu DesktopοΌCVE-2016-9949οΌ
2016-12-23 00:00:00
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : Apport vulnerabilities (USN-3157-1)
2016-12-15 00:00:00
exploitpack
exploitpack
Apport 2.x (Ubuntu Desktop 12.10 16.04) - Local Code Execution
2016-12-14 00:00:00
threatpost
threatpost
Remote Code Execution Bug Found in Ubuntu Quantal
2016-12-16 11:14:00
thn
thn
Ubuntuβs Crash Report Tool Allows Remote Code Execution
2016-12-15 23:50:00
exploitdb
exploitdb
Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution
2016-12-14 00:00:00
cvelist
cvelist
prion
prion
Path traversal
2016-12-17 03:59:00
Code injection
2016-12-17 03:59:00
Command injection
2016-12-17 03:59:00
nvd
nvd
ubuntucve
ubuntucve
cve
cve
canvas
canvas
Immunity Canvas: APPORT_CRASH_HANDLER
2016-12-17 03:59:00
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.006 Low
EPSS
Percentile
78.0%
Related for OPENVAS:1361412562310842993