Ubuntu Local Security Checks : Ubuntu: Security Advisory (USN-2609-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.842208

Category: Ubuntu Local Security Checks

Title: Ubuntu: Security Advisory (USN-2609-1)

Summary: The remote host is missing an update for the 'apport' package(s) announced via the USN-2609-1 advisory.

Description: Summary:
The remote host is missing an update for the 'apport' package(s) announced via the USN-2609-1 advisory.

Vulnerability Insight:
Sander Bos discovered that Apport incorrectly handled permissions when
the system was configured to generate core dumps for setuid binaries. A
local attacker could use this issue to gain elevated privileges.
(CVE-2015-1324)

Philip Pettersson discovered that Apport contained race conditions
resulting core dumps to be generated with incorrect permissions in
arbitrary locations. A local attacker could use this issue to gain elevated
privileges. (CVE-2015-1325)

Affected Software/OS:
'apport' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 14.10, Ubuntu 15.04.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-1324
BugTraq ID: 74767
http://www.securityfocus.com/bid/74767
http://www.ubuntu.com/usn/USN-2609-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-1325
BugTraq ID: 74769
http://www.securityfocus.com/bid/74769
https://www.exploit-db.com/exploits/37088/
http://www.openwall.com/lists/oss-security/2015/05/21/10

Copyright Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.842208
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2609-1)
Summary:	The remote host is missing an update for the 'apport' package(s) announced via the USN-2609-1 advisory.
Description:	Summary: The remote host is missing an update for the 'apport' package(s) announced via the USN-2609-1 advisory. Vulnerability Insight: Sander Bos discovered that Apport incorrectly handled permissions when the system was configured to generate core dumps for setuid binaries. A local attacker could use this issue to gain elevated privileges. (CVE-2015-1324) Philip Pettersson discovered that Apport contained race conditions resulting core dumps to be generated with incorrect permissions in arbitrary locations. A local attacker could use this issue to gain elevated privileges. (CVE-2015-1325) Affected Software/OS: 'apport' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 14.10, Ubuntu 15.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-1324 BugTraq ID: 74767 http://www.securityfocus.com/bid/74767 http://www.ubuntu.com/usn/USN-2609-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1325 BugTraq ID: 74769 http://www.securityfocus.com/bid/74769 https://www.exploit-db.com/exploits/37088/ http://www.openwall.com/lists/oss-security/2015/05/21/10
Copyright	Copyright (C) 2015 Greenbone AG