CVE-2017-14179

Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
VendorProductVersion
apport_projectapport
𝑥
< 2.13
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.04
canonicalubuntu_linux
17.10
canonicalubuntu_linux
18.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apport
artful
not-affected
zesty
not-affected
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://launchpad.net/bugs/1726372
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179
https://launchpad.net/bugs/1726372
https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179