Immunity, Inc.
Name apport_crash_handler
CVE CVE-2016-9949
Exploit Pack CANVAS
Description Ubuntu Apport Crash Handler RCE
Notes CVE Name: CVE-2016-9949
Vendor: Ubuntu
Notes:
This module creates a crafted Apport crash report file that appears to be a simple text file. When the file is double-clicked on the host, the crash file parser executes Python code because the CrashDB field is improperly treated as Python code, and the MOSDEF callback is launched. Finally, the crafted crash file is replaced by a decoy text file and gedit is launched so that the behavior looks like that of a real text file.
Note: An Apport popup window appears for a few seconds when the crash file is parsed.

Vulnerable: Apport 2.20.3
Not Vulnerable: Apport 2.20.4

Tested on:
- Ubuntu 16.04 64bit Desktop with Apport 2.20.1
- Ubuntu 15.10 64bit Desktop with Apport 2.19.1
- Ubuntu 14.04 32bit Desktop with Apport 2.14.1


Repeatability: Infinite
References: https://donncha.is/2016/12/compromising-ubuntu-desktop/
CVE Url: http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9949.html
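
A defensive check for the CrashDB handling described in the notes above, as an added example that is not part of the CANVAS module or of Apport: it parses Apport's `Key: value` report format and flags any report whose CrashDB field is not a bare database name. The name pattern, the function names and the sample reports are assumptions constructed for illustration.

```python
import re

# Assumption: a legitimate CrashDB value is a bare database name
# (letters, digits, "_" or "-"); anything else is worth a closer look.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+")


def parse_report(text):
    """Parse an Apport report: 'Key: value' lines, continuations start with a space."""
    fields, key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key is not None:
            fields[key] += "\n" + line[1:]      # multi-line value
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key] = value.strip()
        else:
            key = None                          # blank or malformed line
    return fields


def check_crashdb(text):
    """Return (verdict, value) for the CrashDB field of one report."""
    value = parse_report(text).get("CrashDB")
    if value is None:
        return ("absent", None)
    if SAFE_NAME.fullmatch(value):
        return ("plain-name", value)
    return ("suspicious", value)


# Constructed sample reports (not taken from a real system or from the module).
BENIGN = "ProblemType: Crash\nExecutablePath: /usr/bin/example\nSignal: 11\n"
NAMED = "ProblemType: Bug\nCrashDB: example_db\nPackage: example 1.0\n"
CRAFTED = (
    "ProblemType: Bug\n"
    "CrashDB: <placeholder: any value that is not a bare name>\n"
    "Package: example 1.0\n"
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("named", NAMED), ("crafted", CRAFTED)):
        print(label, check_crashdb(sample))
```

A multi-line CrashDB value is also reported as suspicious, because the joined value contains a newline and cannot match the name pattern.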
