692 matches found
CVE-2015-1318
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace container...
Ubuntu Update for apport USN-2007-1
Check for the Version of apport OpenVAS Vulnerability Test $Id: gbubuntuUSN20071.nasl 8456 2018-01-18 06:58:40Z teissa $ Ubuntu Update for apport USN-2007-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...
Ubuntu: Security Advisory (USN-2007-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[USN-2007-1] Apport vulnerability
========================================================================== Ubuntu Security Notice USN-2007-1 October 24, 2013 apport vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
CVE-2013-1067
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file...
Design/Logic Flaw
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file...
CVE-2013-1067
CVE-2013-1067 affects Apport. Connected sources confirm that Apport 2.12.5 and earlier leave core-dump files created by setuid binaries with weak permissions, enabling local users to read privileged information. This is the root cause described across Red Hat, SUSE, and Ubuntu advisories. Exploit...
CVE-2013-1067
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file...
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : apport vulnerability (USN-2007-1)
Martin Carpenter discovered that Apport set incorrect permissions on core dump files generated by setuid binaries. A local attacker could possibly use this issue to obtain privileged information. Note that Tenable Network Security has extracted the preceding description block directly from the...
USN-2007-1: Apport vulnerability
Martin Carpenter discovered that Apport set incorrect permissions on core dump files generated by setuid binaries. A local attacker could possibly use this issue to obtain privileged information...
CVE-2013-1067
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file...
[USN-1668-1] Apport update
========================================================================== Ubuntu Security Notice USN-1668-1 December 17, 2012 apport update ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Ubuntu Update for apport USN-1668-1
Ubuntu Update for Linux kernel vulnerabilities USN-1668-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16681.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for apport USN-1668-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
Ubuntu 10.04 LTS / 11.10 / 12.04 LTS : apport update (USN-1668-1)
Dan Rosenberg discovered that an application running under an AppArmor profile that allowed unconfined execution of apport-bug could escape confinement by calling apport-bug with a crafted environment. While not a vulnerability in apport itself, this update mitigates the issue by sanitizing certa...
Ubuntu: Security Advisory (USN-1668-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1668-1: Apport update
Dan Rosenberg discovered that an application running under an AppArmor profile that allowed unconfined execution of apport-bug could escape confinement by calling apport-bug with a crafted environment. While not a vulnerability in apport itself, this update mitigates the issue by sanitizing certa...
Design/Logic Flaw
The Apport hook DistUpgradeApport.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerabilit...
CVE-2012-0950
The CVE-2012-0950 vulnerability concerns the Apport hook (DistUpgradeApport.py) in Ubuntu Update Manager: when reporting bugs to Launchpad it uploads /var/log/dist-upgrade, potentially exposing repository credentials in a public bug report. This exists because of an incomplete fix for CVE-2012-09...
CVE-2012-0950
The Apport hook DistUpgradeApport.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerabilit...
Design/Logic Flaw
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...