CVE-2009-1295
Published: 30 April 2009
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
Notes
Author | Note |
---|---|
jdstrand | bug mentions fuse being an attack vector, but it isn't on Jaunty symlink/race condition |
Priority
Status
Package | Release | Status |
---|---|---|
apport Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
hardy |
Released
(0.108.4)
|
|
intrepid |
Released
(0.119.2)
|
|
jaunty |
Released
(1.0-0ubuntu5.2)
|
|
Patches: debdiff: https://bugs.edge.launchpad.net/apport/+bug/357024 |