Vulnerability CVE-2015-1338
Published: 2015-10-01

Description:
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Canonical -> Ubuntu linux 
Apport project -> Apport 

 References:
https://launchpad.net/apport/trunk/2.19
https://www.exploit-db.com/exploits/38353/
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570
http://www.ubuntu.com/usn/USN-2744-1
http://www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/
http://seclists.org/fulldisclosure/2015/Sep/101
http://packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.html
Copyright 2024, cxsecurity.com

 

Back to Top