mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-13 11:22:49 +00:00
883 B
883 B
CVE-2016-9949
Description
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
POC
Reference
- https://bugs.launchpad.net/apport/+bug/1648806
- https://github.com/DonnchaC/ubuntu-apport-exploitation
- https://www.exploit-db.com/exploits/40937/