Vulnerability Description
Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apport Project | Apport | < 2.13 |
| Canonical | Ubuntu Linux | 14.04 |
Related Weaknesses (CWE)
References
- https://launchpad.net/bugs/1726372Issue TrackingThird Party Advisory
- https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179Third Party Advisory
- https://launchpad.net/bugs/1726372Issue TrackingThird Party Advisory
- https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179Third Party Advisory
FAQ
What is CVE-2017-14179?
CVE-2017-14179 is a vulnerability with a CVSS score of 7.8 (HIGH). Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of servic...
How severe is CVE-2017-14179?
CVE-2017-14179 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14179?
Check the references section above for vendor advisories and patch information. Affected products include: Apport Project Apport, Canonical Ubuntu Linux.