Launchpad.net

CVE 2017-10708

An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.

Related bugs and status

CVE-2017-10708 (Candidate) is related to these bugs:

Bug #1700573: Code execution through path traversal in .crash files processing

		In	Importance	Status
1700573	Code execution through path traversal in .crash files processing	Apport	High	Fix Released
1700573	Code execution through path traversal in .crash files processing	apport (Ubuntu)	High	Fix Released
1700573	Code execution through path traversal in .crash files processing	apport (Ubuntu Trusty)	High	Fix Released
1700573	Code execution through path traversal in .crash files processing	apport (Ubuntu Yakkety)	High	Fix Released
1700573	Code execution through path traversal in .crash files processing	apport (Ubuntu Artful)	High	Fix Released
1700573	Code execution through path traversal in .crash files processing	apport (Ubuntu Xenial)	High	Fix Released
1700573	Code execution through path traversal in .crash files processing	apport (Ubuntu Zesty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://launchpad.net/...
CONFIRM: https://launchpad.net/...