CVE-2016-9950 - OpenCVE

An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apport Project	Apport
Canonical	Ubuntu Linux

Configuration 1 [-]

cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/95011	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-3157-1
https://bugs.launchpad.net/apport/+bug/1648806	Issue Tracking Patch
https://donncha.is/2016/12/compromising-ubuntu-desktop/	Exploit Technical Description Third Party Advisory
https://github.com/DonnchaC/ubuntu-apport-exploitation	Issue Tracking Third Party Advisory
https://www.exploit-db.com/exploits/40937/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-12-17T03:34:00

Updated: 2017-01-04T14:57:01

Reserved: 2016-12-14T00:00:00

Link: CVE-2016-9950

JSON object: View

NVD Information

Status : Modified

Published: 2016-12-17T03:59:00.327

Modified: 2017-01-07T03:00:45.980

Link: CVE-2016-9950

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"}, {"tags": ["x_refsource_MISC"], "url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/apport/+bug/1648806"}, {"name": "95011", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95011"}, {"name": "USN-3157-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3157-1"}, {"name": "40937", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/40937/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9950", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/DonnchaC/ubuntu-apport-exploitation", "refsource": "MISC", "url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"}, {"name": "https://donncha.is/2016/12/compromising-ubuntu-desktop/", "refsource": "MISC", "url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"}, {"name": "https://bugs.launchpad.net/apport/+bug/1648806", "refsource": "MISC", "url": "https://bugs.launchpad.net/apport/+bug/1648806"}, {"name": "95011", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95011"}, {"name": "USN-3157-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3157-1"}, {"name": "40937", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/40937/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9950", "datePublished": "2016-12-17T03:34:00", "dateReserved": "2016-12-14T00:00:00", "dateUpdated": "2017-01-04T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*", "matchCriteriaId": "14E2A18E-418A-47E5-8D6D-19996D80DB42", "versionEndIncluding": "2.20.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD4B26F2-78C2-4B15-8A31-5B8399492E97", "versionEndIncluding": "12.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file \"Package\" and \"SourcePackage\" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system."}, {"lang": "es", "value": "Un problema fue descubierto en Apport en versiones anteriores a 2.20.4. Hay un problema de salto de ruta en campos Apport crash file \"Package\" y \"SourcePackage\". Estos campos se utilizan para construir una ruta a los archivos gancho espec\u00edficos del paquete en el directorio /usr/share/apport/package-hooks/. Un ataque puede explotar este salto de ruta para ejecutar archivos Python arbitrarios desde un sistema local."}], "id": "CVE-2016-9950", "lastModified": "2017-01-07T03:00:45.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-17T03:59:00.327", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95011"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-3157-1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://bugs.launchpad.net/apport/+bug/1648806"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://donncha.is/2016/12/compromising-ubuntu-desktop/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/DonnchaC/ubuntu-apport-exploitation"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/40937/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}