Vulnerability Name:

CVE-2016-9951 (CCN-119959)

Assigned: 2016-12-14
Published: 2016-12-14
Updated: 2017-01-07
Summary: An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-284
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2016-9951

Source: BID
Type: Third Party Advisory, VDB Entry
95011

Source: CCN
Type: BID-95011
Apport Multiple Security Vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-3157-1

Source: MISC
Type: Issue Tracking, Patch
https://bugs.launchpad.net/apport/+bug/1648806

Source: MISC
Type: Exploit, Technical Description, Third Party Advisory
https://donncha.is/2016/12/compromising-ubuntu-desktop/

Source: XF
Type: UNKNOWN
apport-cve20169951-dos(119959)

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://github.com/DonnchaC/ubuntu-apport-exploitation

Source: CCN
Type: Ubuntu apport package
apport package : Ubuntu

Source: CCN
Type: Packet Storm Security [12-19-2016]
Apport 2.x Local Code Execution

Source: CCN
Type: Ubuntu Web site
Apport - Ubuntu Wiki

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [12-14-2016]

Source: EXPLOIT-DB
Type: UNKNOWN
40937

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2016-9951

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:apport_project:apport:*:*:*:*:*:*:*:* (Version <= 2.20.3)

  • * Denotes that component is vulnerable
Oval Definitions:

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:com.ubuntu.xenial:def:201699510000000 | V | CVE-2016-9951 on Ubuntu 16.04 LTS (xenial) - medium. | 2016-12-17 |
| oval:com.ubuntu.precise:def:20169951000 | V | CVE-2016-9951 on Ubuntu 12.04 LTS (precise) - medium. | 2016-12-16 |
| oval:com.ubuntu.trusty:def:20169951000 | V | CVE-2016-9951 on Ubuntu 14.04 LTS (trusty) - medium. | 2016-12-16 |
| oval:com.ubuntu.xenial:def:20169951000 | V | CVE-2016-9951 on Ubuntu 16.04 LTS (xenial) - medium. | 2016-12-16 |
    apport_project apport *