Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/donnchac/ubuntu-apport-exploitation
This project contains a PoC and exploit generator for a code execution bug in Ubuntu's Apport crash reporter
https://github.com/donnchac/ubuntu-apport-exploitation
Last synced: about 2 months ago
JSON representation
This project contains a PoC and exploit generator for a code execution bug in Ubuntu's Apport crash reporter
- Host: GitHub
- URL: https://github.com/donnchac/ubuntu-apport-exploitation
- Owner: DonnchaC
- Created: 2016-12-06T22:47:56.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2016-12-16T14:50:46.000Z (about 8 years ago)
- Last Synced: 2024-10-13T19:22:04.464Z (2 months ago)
- Language: Python
- Homepage: https://donncha.is/2016/12/compromising-ubuntu-desktop/
- Size: 460 KB
- Stars: 95
- Watchers: 8
- Forks: 20
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Code Execution on Ubuntu Desktop >= 12.10 (Quantal)
Ubuntu ships the Apport crash handling software with all of its recent Desktop releases. This repo contains an exploit for a bug in the Apport crash report parser which can provide reliable code execution upon opening an Apport crash file. The parsing bug results in Python code injection in the Apport process. Exploiting this issue does not involve any memory corruption and it is extremely reliable.
For more information please check out my [blog post](https://donncha.is/2016/12/compromising-ubuntu-desktop/). This bug and other security issues were fixed in Apport on 2016-12-14 (CVE-2016-9949, CVE-2016-9950, and CVE-2016-9951).