Ubuntu 16.04: Apport vulnerability (CVE-2016-9949, CVE-2016-9950, CVE-2016-9951)

This vulnerability is triggered by double-clicking a malicious crash file.

1 Abstract

Apport is a bug-reporting tool that creates a bug report from a crash file.

Apport has a vulnerability that executes arbitrary code when it processes a malicious crash file. This affects the latest Ubuntu releases, including Ubuntu 16.04.

  • The issue is triggered by double-clicking a malicious crash file.
  • When a file's extension is not registered to an application, Ubuntu chooses the application by MIME type (e.g. mp4 files are registered to start totem). Files that are not registered but have the MIME type "ProblemType: " trigger this issue.
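Because the dispatch described above depends on the file's content rather than its name, a directory such as a downloads folder can be checked for files that would be handed to Apport. The following is an added example, not code from this article or from Apport; the function names are hypothetical, and the assumption that report fields are "Key: value" lines with whitespace-indented continuation lines is mine.

```python
import os
import sys

# Marker the article says makes the desktop treat a file as an Apport report.
MAGIC = b"ProblemType: "

def is_apport_report(path):
    """True when the file content starts with the marker, whatever its name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(MAGIC)) == MAGIC
    except OSError:  # unreadable or vanished file: not a hit
        return False

def top_level_keys(path, limit=64 * 1024):
    """Field names in the first `limit` bytes, for manual review.

    Assumption: fields are "Key: value" lines and continuation lines
    of a multi-line value start with whitespace.
    """
    keys = []
    with open(path, "rb") as fh:
        for raw in fh.read(limit).splitlines():
            if raw[:1] in (b" ", b"\t") or b":" not in raw:
                continue
            keys.append(raw.split(b":", 1)[0].decode("ascii", "replace"))
    return keys

def scan(root):
    """Return sorted (path, extension, keys) for each file with the marker."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            if is_apport_report(path):
                ext = os.path.splitext(name)[1].lower()
                hits.append((path, ext, top_level_keys(path)))
    return sorted(hits)

if __name__ == "__main__":
    # Usage: python3 scan.py DIRECTORY (defaults to the current directory)
    for path, ext, keys in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}\text={ext or '(none)'}\tfields={','.join(keys)}")
```

A hit outside the system's own crash directory, especially one with an unusual extension, is worth inspecting in a text editor rather than opening by double-click.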

2 Check

Download minimal-rce.crash. This is a crash file that kills apport and runs gnome-calculator.

When you double-click minimal-rce.crash, apport is killed and gnome-calculator starts.

[Image: 0001_gnome-calculator.png]

After updating Apport with apt update, double-clicking minimal-rce.crash no longer kills apport.

[Image: 0002_apport.png]