CVE-2009-1295

Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
1.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:N
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
apportapport
𝑥
≤ 0.1.0.8.1
ubuntuubuntu
8.0.4_lts:_lts
ubuntuubuntu
8.1.0
ubuntuubuntu
9.0.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apport
jaunty
Fixed 1.0-0ubuntu5.2
released
intrepid
Fixed 0.119.2
released
hardy
Fixed 0.108.4
released
dapper
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/34947
http://secunia.com/advisories/34952
http://secunia.com/advisories/35065
http://www.securityfocus.com/bid/34776
http://www.ubuntu.com/usn/usn-768-1
https://bugs.launchpad.net/bugs/357024
https://launchpad.net/bugs/cve/2009-1295
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/34947
http://secunia.com/advisories/34952
http://secunia.com/advisories/35065
http://www.securityfocus.com/bid/34776
http://www.ubuntu.com/usn/usn-768-1
https://bugs.launchpad.net/bugs/357024
https://launchpad.net/bugs/cve/2009-1295