Lucene search
K

7 matches found

0day.today
0day.today
added 2016/12/19 12:0 a.m.80 views

Apport 2.x (Ubuntu Desktop 12.10 < 16.04) - Local Code Execution Exploit

Exploit for linux platform in category local exploits Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem where...

9.3CVSS6.8AI score0.17726EPSS
Exploits8
OSV
OSV
added 2016/12/17 3:59 a.m.3 views

CVE-2016-9951

An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in RespawnCommand or ProcCmdline fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the...

6.5CVSS5.8AI score0.06674EPSS
Exploits5References6
CVE
CVE
added 2016/12/17 3:34 a.m.69 views

CVE-2016-9951

CVE-2016-9951 affects Apport prior to 2.20.4. A malicious crash file can contain a restart command in the RespawnCommand or ProcCmdline fields, which is executed if a user clicks the Relaunch button on the Apport prompt. The underlying issue is that crash file content can trigger arbitrary comman...

6.5CVSS6.6AI score0.06674EPSS
Exploits5References6Affected Software1
OpenVAS
OpenVAS
added 2016/12/15 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-3157-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7AI score0.17726EPSS
Exploits8References2
Ubuntu
Ubuntu
added 2016/12/14 10:15 p.m.75 views

USN-3157-1: Apport vulnerabilities

Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected...

9.3CVSS7.7AI score0.17726EPSS
Exploits8
exploitpack
exploitpack
added 2016/12/14 12:0 a.m.49 views

Apport 2.x (Ubuntu Desktop 12.10 16.04) - Local Code Execution

Apport 2.x Ubuntu Desktop 12.10 16.04 - Local Code Execution Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem...

9.3CVSS7.1AI score0.17726EPSS
Exploits8
Exploit DB
Exploit DB
added 2016/12/14 12:0 a.m.66 views

Apport 2.x (Ubuntu Desktop 12.10 &lt; 16.04) - Local Code Execution

Both of these issues were reported to the Apport maintainers and a fix was released on 2016-12-14. The CrashDB code injection issue can be tracked with CVE-2016-9949 and the path traversal bug with CVE-2016-9950. An additional problem where arbitrary commands can be called with the “Relaunch”...

9.3CVSS7AI score0.17726EPSS
Exploits8
Rows per page
Query Builder