9.3 - USN-3157-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Apport vulnerabilities

Informations
Name	USN-3157-1	First vendor Publication	2016-12-14
Vendor	Ubuntu	Last vendor Modification	2016-12-14
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS

Summary:

Apport could be made to run programs as your login if it opened a specially crafted file.

Software Description: - apport: automatically generate crash reports for debugging

Details:

Donncha O Cearbhaill discovered that the crash file parser in Apport improperly treated the CrashDB field as python code. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-9949)

Donncha O Cearbhaill discovered that Apport did not properly sanitize the Package and SourcePackage fields in crash files before processing package specific hooks. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. (CVE-2016-9950)

Donncha O Cearbhaill discovered that Apport would offer to restart an application based on the contents of the RespawnCommand or ProcCmdline fields in a crash file. An attacker could use this to convince a user to open a maliciously crafted crash file and execute arbitrary code with the privileges of that user. (CVE-2016-9951)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.10:
apport 2.20.3-0ubuntu8.2
apport-gtk 2.20.3-0ubuntu8.2
apport-kde 2.20.3-0ubuntu8.2
python-apport 2.20.3-0ubuntu8.2
python3-apport 2.20.3-0ubuntu8.2

Ubuntu 16.04 LTS:
apport 2.20.1-0ubuntu2.4
apport-gtk 2.20.1-0ubuntu2.4
apport-kde 2.20.1-0ubuntu2.4
python-apport 2.20.1-0ubuntu2.4
python3-apport 2.20.1-0ubuntu2.4

Ubuntu 14.04 LTS:
apport 2.14.1-0ubuntu3.23
apport-gtk 2.14.1-0ubuntu3.23
apport-kde 2.14.1-0ubuntu3.23
python-apport 2.14.1-0ubuntu3.23
python3-apport 2.14.1-0ubuntu3.23

Ubuntu 12.04 LTS:
apport 2.0.1-0ubuntu17.15
apport-gtk 2.0.1-0ubuntu17.15
apport-kde 2.0.1-0ubuntu17.15
python-apport 2.0.1-0ubuntu17.15

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-3157-1
CVE-2016-9949, CVE-2016-9950, CVE-2016-9951

Package Information:
https://launchpad.net/ubuntu/+source/apport/2.20.3-0ubuntu8.2
https://launchpad.net/ubuntu/+source/apport/2.20.1-0ubuntu2.4
https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.23
https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.15

Original Source

Url : http://www.ubuntu.com/usn/USN-3157-1

CWE : Common Weakness Enumeration

%	Id	Name
33 %	CWE-284	Access Control (Authorization) Issues
33 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
33 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apport Project Apport cpe:2.3:a:apport_project:apport:2.20.1:::::::* cpe:2.3:a:apport_project:apport:2.17:::::::* cpe:2.3:a:apport_project:apport:2.16.2:::::::* cpe:2.3:a:apport_project:apport:2.16.1:::::::* cpe:2.3:a:apport_project:apport:2.16:::::::* cpe:2.3:a:apport_project:apport:2.15.1:::::::* cpe:2.3:a:apport_project:apport:2.15:::::::* cpe:2.3:a:apport_project:apport:2.14.7:::::::* cpe:2.3:a:apport_project:apport:2.14.6:::::::* cpe:2.3:a:apport_project:apport:2.14.5:::::::* cpe:2.3:a:apport_project:apport:2.14.4:::::::* cpe:2.3:a:apport_project:apport:2.14.3:::::::* cpe:2.3:a:apport_project:apport:2.14.2:::::::* cpe:2.3:a:apport_project:apport:2.14.1:::::::* cpe:2.3:a:apport_project:apport:2.14:::::::* cpe:2.3:a:apport_project:apport:2.13.3:::::::* cpe:2.3:a:apport_project:apport:2.13.2:::::::* cpe:2.3:a:apport_project:apport:2.13.1:::::::* cpe:2.3:a:apport_project:apport:2.13:::::::* cpe:2.3:a:apport_project:apport:::::::: cpe:2.3:a:apport_project:apport:-:::::::*	21
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04::lts::::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm::: cpe:2.3:o:canonical:ubuntu_linux:12.04:lts:::::: cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::* cpe:2.3:o:canonical:ubuntu_linux:12.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:12.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:11.10:-:lts:::::* cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04::lts::::: cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:::::* cpe:2.3:o:canonical:ubuntu_linux:10.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:::::* cpe:2.3:o:canonical:ubuntu_linux:8.04::::-::: cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:6.06::::-::: cpe:2.3:o:canonical:ubuntu_linux:6.06:-:lts:::::* cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts::: cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::* cpe:2.3:o:canonical:ubuntu_linux:5.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:5.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:4.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:::::lts:::* cpe:2.3:o:canonical:ubuntu_linux:::::-:::* cpe:2.3:o:canonical:ubuntu_linux::::::::	37

Snort® IPS/IDS

Date	Description
2017-01-19	Ubuntu Apport CrashDB crash report code injection attempt RuleID : 41041 - Revision : 2 - Type : OS-LINUX
2017-01-19	Ubuntu Apport CrashDB crash report code injection attempt RuleID : 41040 - Revision : 2 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date	Description
2016-12-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-3157-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2017-01-07 09:27:38	Multiple Updates
2016-12-16 13:24:42	Multiple Updates
2016-12-15 00:23:03	First insertion

Global Informations

Type	Count
CWE ID(s)	3
CPE ID(s)	58
Snort® Rule(s)	2
Nessus® Exploit(s)	1

	Related
7.8	CVE-2016-9950
7.8	CVE-2016-9949
6.5	CVE-2016-9951
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 3 more Alert(s)

9.3 - USN-3157-1

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU