An issue exists in Apport up to and including 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and then uses that path to run package-specific hooks without protecting against path traversal. This allows remote malicious users to execute arbitrary code via a crafted .crash file.
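A simplified model of the flaw class described above, as an added example that is not Apport's own code: a value from an untrusted report field is joined into a hook path, first without any check and then with a containment check. `HOOK_DIR`, the function names and the sample values are assumptions constructed for illustration.

```python
import os

# Hypothetical hook directory for this sketch (not Apport's real layout).
HOOK_DIR = "/opt/example/package-hooks"


def naive_hook_path(field_value):
    """Model of the flawed pattern: a report field is joined into the hook
    path unchecked, so '..' segments or an absolute path escape HOOK_DIR."""
    return os.path.normpath(os.path.join(HOOK_DIR, field_value + ".py"))


def safe_hook_path(field_value, hook_dir=HOOK_DIR):
    """Return the hook path only if it stays inside hook_dir, else None."""
    # Reject empty values, NUL bytes and anything that is not a bare name.
    if not field_value or "\0" in field_value:
        return None
    if field_value != os.path.basename(field_value) or field_value in (".", ".."):
        return None
    base = os.path.realpath(hook_dir)
    candidate = os.path.realpath(os.path.join(base, field_value + ".py"))
    # Defence in depth: with symlinks resolved, the path must stay under base.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def classify(field_values):
    """Map each field value to (naive path, accepted by safe_hook_path?)."""
    return {v: (naive_hook_path(v), safe_hook_path(v) is not None)
            for v in field_values}


# Constructed sample values standing in for an untrusted report field.
SAMPLES = ["firefox", "../../../tmp/other", "/tmp/other", "sub/dir", ".."]

if __name__ == "__main__":
    for value, (naive, ok) in classify(SAMPLES).items():
        print(f"{value!r:22} naive={naive!r:42} accepted={ok}")
```

Code that loads hooks should treat a `None` result as "no hook" and never fall back to the unchecked path.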
Vulnerable Product |
---|
apport project apport |