CVE-2015-1324
Last modified
CVE-2015-1324 is a vulnerability of currently unknown severity. Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.. EPSS estimates a 0.36% chance of exploitation in the next 30 days.
Description
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 14.10 |
| Canonical | Ubuntu Linux | 15.04 |
References
- http://www.securityfocus.com/bid/74767Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2609-1Patch, Vendor Advisory
- https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239Issue Tracking, Patch, Vendor Advisory
- http://www.securityfocus.com/bid/74767Third Party Advisory, VDB Entry
- http://www.ubuntu.com/usn/USN-2609-1Patch, Vendor Advisory
- https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1452239Issue Tracking, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-1324?
How severe is CVE-2015-1324?
How do I fix CVE-2015-1324?
Are you affected by CVE-2015-1324?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST