| Vulnerability Name: | CVE-2015-1324 (CCN-131008) | ||||||||||||||||||||
| Assigned: | 2015-05-12 | ||||||||||||||||||||
| Published: | 2015-05-12 | ||||||||||||||||||||
| Updated: | 2017-08-30 | ||||||||||||||||||||
| Summary: | Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | ||||||||||||||||||||
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-264 | ||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2015-1324 Source: BID Type: Third Party Advisory, VDB Entry 74767 Source: CCN Type: BID-74767 Apport CVE-2015-1324 Local Privilege Escalation Vulnerability Source: UBUNTU Type: Patch, Vendor Advisory USN-2609-1 Source: CCN Type: Launchpad Bug #1452239 root escalation with fs.suid_dumpable=2 Source: CONFIRM Type: Issue Tracking, Patch, Vendor Advisory https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239 Source: XF Type: UNKNOWN apport-cve20151324-priv-esc(131008) Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-1324 | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||