Vulnerability Name: CVE-2009-1295 (CCN-50251)

Assigned: 2009-04-30
Published: 2009-04-30
Updated: 2009-05-15
Summary: Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
1.4 Low (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-16
Vulnerability Consequences: File Manipulation
References:
Source: MITRE
Type: CNA
CVE-2009-1295

Source: SUSE
Type: UNKNOWN
SUSE-SR:2009:010

Source: CCN
Type: SA34947
Apport Cleanup Race Condition Security Issue

Source: SECUNIA
Type: UNKNOWN
34947

Source: SECUNIA
Type: UNKNOWN
34952

Source: SECUNIA
Type: UNKNOWN
35065

Source: CCN
Type: OSVDB ID: 54173
Apport on Ubuntu Unspecified Arbitrary Local File Deletion

Source: BID
Type: UNKNOWN
34776

Source: CCN
Type: BID-34776
Apport Local Arbitrary File Deletion Vulnerability

Source: CCN
Type: USN-768-1
Apport vulnerability

Source: UBUNTU
Type: Vendor Advisory
USN-768-1

Source: MISC
Type: Exploit
https://bugs.launchpad.net/bugs/357024

Source: XF
Type: UNKNOWN
apport-cleanup-file-deletion(50251)

Source: CCN
Type: Launchpad Web site
Apport announcement, Security bug fix version 1.1.1 released

Source: CONFIRM
Type: UNKNOWN
https://launchpad.net/bugs/cve/2009-1295

Source: SUSE
Type: SUSE-SR:2009:010
SUSE Security Summary Report

Vulnerable Configuration: Configuration 1:
  • cpe:/a:apport:apport:*:*:*:*:*:*:*:* (Version <= 0.1.0.8.1)
  • OR cpe:/o:ubuntu:ubuntu:8.0.4_lts:*:*:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu:8.1.0:*:*:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu:9.0.4:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20091295 | V | CVE-2009-1295 | 2015-11-16
oval:org.mitre.oval:def:13688 | P | USN-768-1 -- apport vulnerability | 2014-06-30