USN-3480-2 apport regressions

USN-3480-1 fixed vulnerabilities in Apport. The fix for CVE-2017-14177 introduced a regression in the ability to handle crashes for users that configured their systems to use the Upstart init system in Ubuntu 16.04 LTS and Ubuntu 17.04. The fix for CVE-2017-14180 temporarily disabled crash...

CVE-2017-16777

If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...

Ubuntu 14.04 LTS / 16.04 LTS : Apport vulnerabilities (USN-3480-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3480-1 advisory. Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a deni...

USN-3480-1 apport vulnerabilities

Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. CVE-2017-14177 Sander Bos discovered that Apport incorrectly handled core dumps for...

USN-3480-1: Apport vulnerabilities

Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. CVE-2017-14177 Sander Bos discovered that Apport incorrectly handled core dumps for...

CVE-2017-14177

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of ...

UBUNTU-CVE-2017-14177

Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of ...

kernel: load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary

A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable PIE, the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...

CVE-2017-9779

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."...

CVE-2017-14140

The movepages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

CVE-2017-14140

The movepages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

UBUNTU-CVE-2017-14140

The movepages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

Design/Logic Flaw

Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root...

CVE-2017-13130

mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring...

bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution

An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...

CVE-2017-11547

The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...

DEBIAN-CVE-2017-11547

The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...

Heap overflow

The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...

CVE-2017-11547

The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...

CVE-2017-11547

The resamplegauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service heap-based buffer over-read via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a...