Executive Summary



This alert is flagged as a TOP 25 Common Weakness Enumeration entry from CWE/SANS.
Information

Name : CVE-2016-9950
First vendor Publication : 2016-12-16
Vendor : Cve
Last vendor Modification : 2017-01-06

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Cvss Impact Score : 10
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Detail

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
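
The following Python sketch is an added illustration, not Apport's code or the fix shipped in 2.20.4: it shows how a consumer of crash files could validate the "Package" and "SourcePackage" values before building a path under /usr/share/apport/package-hooks/. The function names, the Debian-style package-name pattern, the "name version" field layout and the sample crash file are assumptions constructed for the example.

```python
import os
import re

HOOK_DIR = "/usr/share/apport/package-hooks"  # directory named in the advisory
# Assumption: legitimate values follow the Debian package-name character set.
_PKG_NAME = re.compile(r"^[a-z0-9][a-z0-9+.\-]+$")

# Constructed sample crash file (not taken from a real report).
SAMPLE = """ProblemType: Crash
Package: ../../../../tmp/constructed 1.0
SourcePackage: apport
"""

def parse_fields(text):
    """Parse 'Key: value' lines (simplified: continuation lines are skipped)."""
    fields = {}
    for line in text.splitlines():
        if line[:1].isspace() or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields

def safe_hook_path(field_value, hook_dir=HOOK_DIR):
    """Return the hook path for a field value, or None if the value is rejected."""
    parts = field_value.split()
    if not parts:
        return None
    name = parts[0]  # assumption: first token is the package name
    # Check 1: allow-list the name, which excludes '/' and a leading '.'.
    if not _PKG_NAME.match(name):
        return None
    # Check 2: the resolved path (symlinks included) must stay under hook_dir.
    root = os.path.realpath(hook_dir)
    candidate = os.path.realpath(os.path.join(root, name + ".py"))
    if os.path.commonpath([candidate, root]) != root:
        return None
    return candidate

def audit_crash_file(text, hook_dir=HOOK_DIR):
    """Map each path-building field present in the file to its safe path or None."""
    fields = parse_fields(text)
    return {key: safe_hook_path(fields[key], hook_dir)
            for key in ("Package", "SourcePackage") if key in fields}

if __name__ == "__main__":
    print(audit_crash_file(SAMPLE))
```

A None result marks a field whose value must not be used to locate a hook file; the second check is kept even after the allow-list so that a symlink inside the hooks directory cannot redirect the lookup.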

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9950

CWE : Common Weakness Enumeration

% : 100 - id : CWE-22 - Name : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 107
Os 28

Snort® IPS/IDS

Date : 2017-01-19 - Description : Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41041 - Revision : 2 - Type : OS-LINUX
Date : 2017-01-19 - Description : Ubuntu Apport CrashDB crash report code injection attempt
RuleID : 41040 - Revision : 2 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date : 2016-12-15 - Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-3157-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

BID : http://www.securityfocus.com/bid/95011
EXPLOIT-DB : https://www.exploit-db.com/exploits/40937/
MISC : https://bugs.launchpad.net/apport/+bug/1648806
  https://donncha.is/2016/12/compromising-ubuntu-desktop/
  https://github.com/DonnchaC/ubuntu-apport-exploitation
UBUNTU : http://www.ubuntu.com/usn/USN-3157-1

Alert History

2019-06-07 12:08:13 : Multiple Updates
2018-10-05 12:08:57 : Multiple Updates
2018-07-31 01:01:30 : Multiple Updates
2018-07-28 12:04:29 : Multiple Updates
2017-10-13 01:08:01 : Multiple Updates
2017-08-04 12:04:46 : Multiple Updates
2017-06-23 12:02:30 : Multiple Updates
2017-01-07 09:26:00 : Multiple Updates
2016-12-24 00:22:59 : Multiple Updates
2016-12-23 12:32:21 : Multiple Updates
2016-12-19 21:24:42 : Multiple Updates
2016-12-17 09:22:05 : First insertion