ID CVE-2009-1295
Summary Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:apport:apport:*:*:*:*:*:*:*:*
    cpe:2.3:a:apport:apport:*:*:*:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu:8.0.4_lts:*:*:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu:8.0.4_lts:*:*:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu:8.1.0:*:*:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:ubuntu:ubuntu:9.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:ubuntu:ubuntu:9.0.4:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 15-05-2009 - 05:29)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 34776
confirm https://launchpad.net/bugs/cve/2009-1295
misc https://bugs.launchpad.net/bugs/357024
secunia
  • 34947
  • 34952
  • 35065
suse SUSE-SR:2009:010
ubuntu USN-768-1
Last major update 15-05-2009 - 05:29
Published 30-04-2009 - 20:30
Back to Top