Vulnerability Details CVE-2015-1318
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.288
EPSS Ranking 96.2%
CVSS Severity
CVSS v2 Score 7.2
References
- http://www.osvdb.org/120803
- http://www.ubuntu.com/usn/USN-2569-1
- https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758
- https://launchpad.net/apport/trunk/2.17.1
- https://www.exploit-db.com/exploits/36782/
- https://www.exploit-db.com/exploits/43971/
- http://www.osvdb.org/120803
- http://www.ubuntu.com/usn/USN-2569-1
- https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1438758
- https://launchpad.net/apport/trunk/2.17.1
- https://www.exploit-db.com/exploits/36782/
- https://www.exploit-db.com/exploits/43971/
Products affected by CVE-2015-1318
-
cpe:2.3:a:apport_project:apport:2.13
-
cpe:2.3:a:apport_project:apport:2.13.1
-
cpe:2.3:a:apport_project:apport:2.13.2
-
cpe:2.3:a:apport_project:apport:2.13.3
-
cpe:2.3:a:apport_project:apport:2.14
-
cpe:2.3:a:apport_project:apport:2.14.1
-
cpe:2.3:a:apport_project:apport:2.14.2
-
cpe:2.3:a:apport_project:apport:2.14.3
-
cpe:2.3:a:apport_project:apport:2.14.4
-
cpe:2.3:a:apport_project:apport:2.14.5
-
cpe:2.3:a:apport_project:apport:2.14.6
-
cpe:2.3:a:apport_project:apport:2.14.7
-
cpe:2.3:a:apport_project:apport:2.15
-
cpe:2.3:a:apport_project:apport:2.15.1
-
cpe:2.3:a:apport_project:apport:2.16
-
cpe:2.3:a:apport_project:apport:2.16.1
-
cpe:2.3:a:apport_project:apport:2.16.2
-
cpe:2.3:a:apport_project:apport:2.17