Influenza A virus subtype H5N1 safety researcher has discovered a critical vulnerability inward Ubuntu Linux operating organisation that would let an assaulter to remotely compromise a target electronic computer using a malicious file.
The vulnerability affects all default Ubuntu Linux installations versions 12.10 (Quantal) together with later.
Researcher Donncha O'Cearbhaill discovered the safety põrnikas which truly resides inward the Apport crash reporting tool on Ubuntu.
Influenza A virus subtype H5N1 successful exploit of this CrashDB code injection lawsuit could let an assaulter to remotely execute arbitrary code on victim's machine. All an assaulter needs is to fob the Ubuntu user into opening a maliciously booby-trapped crash file.
This would inject malicious code inward Ubuntu OS's crash file handler, which when parsed, executes arbitrary Python code.
"The code commencement checks if the CrashDB acre starts amongst { indicating the start of a Python dictionary," O'Cearbhaill explains.
"If found, Apport volition telephone telephone Python’s builtin eval() method amongst the value of the CrashDB field. eval() executes the passed information equally a Python facial expression which leads to straightforward together with reliable Python code execution."The flawed code was introduced on 2012-08-22 inward Apport revision 2464 together with was initially included inward unloosen 2.6.1.
O'Cearbhaill has published the re-create of his proof-of-concept (PoC) source code on GitHub.
Video Demonstration of the CrashDB Code Injection Attack
The researcher has also shared a video demonstration, showing that it is possible to arrive at command over the targeted Ubuntu box organisation using this flaw amongst the help of a malicious file.
O'Cearbhaill launched Gnome figurer amongst a uncomplicated Apport crash written report file together with explained that the code could hold upward saved amongst the .crash extension or amongst whatever other extension that's non registered on Ubuntu.
The researcher reported the crash reporting app põrnikas (listed equally CVE-2016-9949 together with a related path traversal põrnikas equally CVE-2016-9950) to the Ubuntu team, together with the proficient word is that the squad has already patched the flaw inward Ubuntu on Dec fourteen amongst O'Cearbhaill receiving $10,000 bounty.
Users together with administrators of Ubuntu Linux desktops are strongly advised to piece their systems equally presently equally possible via the park update mechanism.
