Vulnerability & Exploit Database

Back to search

Ubuntu: USN-3480-1 (CVE-2017-14180): Apport vulnerabilities

Severity CVSS Published Added Modified
4 (AV:L/AC:M/Au:N/C:P/I:P/A:P) November 14, 2017 November 15, 2017 November 15, 2017

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From USN-3480-1:

Sander Bos discovered that Apport incorrectly handled core dumps for setuid binaries. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14177)

Sander Bos discovered that Apport incorrectly handled core dumps for processes in a different PID namespace. A local attacker could use this issue to perform a denial of service via resource exhaustion or possibly gain root privileges. (CVE-2017-14180)

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

ubuntu-upgrade-apport