CVE-2015-1338

Related Files

Ubuntu Apport kernel_crashdump Symlink

Posted Sep 26, 2015

Authored by halfdog

This is a short write-up of the Ubuntu Apport kernel_crashdump symlink vulnerabilities along with some proof of concept code.

tags | exploit, vulnerability, proof of concept

systems | linux, ubuntu

advisories | CVE-2015-1338

SHA-256 | 6ad9dbf653da822a763a4a0ee8845d1ea92def27b988d96ac422f942ecd40aac

Download | Favorite | View

Ubuntu Security Notice USN-2744-1

Posted Sep 24, 2015

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2744-1 - Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevate privileges. The default symlink protections for affected releases should reduce the vulnerability to a denial of service.

tags | advisory, denial of service, kernel, local

systems | linux, ubuntu

advisories | CVE-2015-1338

SHA-256 | dee7f3fa2888859a2f779bee89c68c507cea1c1a90dff31a934e31fb62b1d8a9

Download | Favorite | View