Vulnerability Name: | CVE-2009-1295 (CCN-50251) | ||||||||||||
Assigned: | 2009-04-30 | ||||||||||||
Published: | 2009-04-30 | ||||||||||||
Updated: | 2009-05-15 | ||||||||||||
Summary: | Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors. | ||||||||||||
CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||
CVSS v2 Severity: | 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N) 1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||
Vulnerability Type: | CWE-16 | ||||||||||||
Vulnerability Consequences: | File Manipulation | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2009-1295 Source: SUSE Type: UNKNOWN SUSE-SR:2009:010 Source: CCN Type: SA34947 Apport Cleanup Race Condition Security Issue Source: SECUNIA Type: UNKNOWN 34947 Source: SECUNIA Type: UNKNOWN 34952 Source: SECUNIA Type: UNKNOWN 35065 Source: CCN Type: OSVDB ID: 54173 Apport on Ubuntu Unspecified Arbitrary Local File Deletion Source: BID Type: UNKNOWN 34776 Source: CCN Type: BID-34776 Apport Local Arbitrary File Deletion Vulnerability Source: CCN Type: USN-768-1 Apport vulnerability Source: UBUNTU Type: Vendor Advisory USN-768-1 Source: MISC Type: Exploit https://bugs.launchpad.net/bugs/357024 Source: XF Type: UNKNOWN apport-cleanup-file-deletion(50251) Source: CCN Type: Launchpad Web site Apport announcement, Security bug fix version 1.1.1 released Source: CONFIRM Type: UNKNOWN https://launchpad.net/bugs/cve/2009-1295 Source: SUSE Type: SUSE-SR:2009:010 SUSE Security Summary Report | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |