CVE-2015-1341

Summary

Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path.

Affected Software

VendorProductVersion RangeStatus
UbuntuApportunspecified < 2.0.1-0ubuntu17.13affected
UbuntuApportunspecified < 2.19.1-0ubuntu4affected
UbuntuApportunspecified < 2.17.2-0ubuntu1.7affected
UbuntuApportunspecified < 2.14.1-0ubuntu3.18affected
UbuntuApportunspecified < 2.19.2affected

Weaknesses

  • Parsing a Python module by executing the module.

ADP Enrichment

CVE Program Container

Additional References

References