{"containers": {"cna": {"affected": [{"product": "Apport", "vendor": "n/a", "versions": [{"status": "affected", "version": "through 2.20.7"}]}], "credits": [{"lang": "en", "value": "Sander Bos"}], "datePublic": "2017-11-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324."}], "problemTypes": [{"descriptions": [{"description": "Denial of service via resource exhaustion and privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-02T13:57:01.000Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"}, {"name": "USN-3480-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/usn/usn-3480-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/bugs/1726372"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2017-11-15T19:00:00.000Z", "ID": "CVE-2017-14177", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apport", "version": {"version_data": [{"version_value": "through 2.20.7"}]}}]}, "vendor_name": "n/a"}]}}, "credit": ["Sander Bos"], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of service via resource exhaustion and privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177", "refsource": "CONFIRM", "url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"}, {"name": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171", "refsource": "CONFIRM", "url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"}, {"name": "USN-3480-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/usn/usn-3480-1"}, {"name": "https://launchpad.net/bugs/1726372", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/1726372"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:20:40.651Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"}, {"name": "USN-3480-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/usn/usn-3480-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/bugs/1726372"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2017-14177", "datePublished": "2018-02-02T14:00:00.000Z", "dateReserved": "2017-09-07T00:00:00.000Z", "dateUpdated": "2024-09-17T00:15:35.899Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2519820-9513-4C0E-AF95-639587329310", "versionEndIncluding": "2.20.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324."}, {"lang": "es", "value": "Apport, hasta la versi\u00f3n 2.20.7, no gestiona adecuadamente lo volcados de n\u00facleo de binarios setuid, lo que permite que los usuarios locales creen ciertos archivos como root. Un atacante podr\u00eda aprovechar estos archivos para realizar una denegaci\u00f3n de servicio (DoS) mediante el agotamiento de recursos o, posiblemente, obtener privilegios root. NOTA: Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2015-1324."}], "id": "CVE-2017-14177", "lastModified": "2024-11-21T03:12:18.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-02T14:29:00.263", "references": [{"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1726372"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/usn/usn-3480-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1726372"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/usn/usn-3480-1"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}