Apport up to and including 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apport project apport |
||
canonical ubuntu linux 17.10 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 17.04 |
||
canonical ubuntu linux 14.04 |