CVE-2016-9951
First published: Sat Dec 17 2016(Updated: )
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu Python3-apport | <=2.20.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-9951?
CVE-2016-9951 has a medium severity rating due to its potential for exploitation through malicious crash files.
How do I fix CVE-2016-9951?
To fix CVE-2016-9951, update Apport to version 2.20.4 or later.
Who is affected by CVE-2016-9951?
CVE-2016-9951 affects users running Apport versions prior to 2.20.4.
What are the potential impacts of CVE-2016-9951?
The potential impacts of CVE-2016-9951 include unauthorized command execution if a user interacts with a malicious crash file.
Is CVE-2016-9951 a local or remote vulnerability?
CVE-2016-9951 is primarily a local vulnerability since it requires user interaction with a local crash file.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/author
- agent/severity
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apport project
- canonical/ubuntu python3-apport
- version/ubuntu python3-apport/2.20.3