CVE-2017-14177

Vulnerability

Apport through version 2.20.7 contains an incomplete fix for CVE-2015-1324, which allows improper handling of core dumps from setuid binaries. The vulnerability affects all supported Ubuntu releases at the time of disclosure: 12.04 LTS (ESM), 14.04 LTS, 16.04 LTS, 17.04, and 17.10 [2][3]. The flaw resides in the crash handler's logic for detecting tainted processes; it fails to correctly restrict file creation when processing core dumps from setuid executables [1].

Exploitation

A local attacker must first trigger a crash in a setuid binary (e.g., by causing a segmentation fault). Apport then attempts to write a core dump file. Due to the incomplete fix, the attacker can influence the file path and content, allowing the creation of arbitrary files as root. No special privileges beyond local access are required, though default installations may need an extra package or configuration change to be exploitable [2].

Impact

Successful exploitation enables a local attacker to perform a denial of service via resource exhaustion (e.g., filling the filesystem) or potentially gain root privileges by overwriting critical system files [1][3]. The attack can also be used to escape Linux containers in certain configurations [2].

Mitigation

Canonical released a fix in USN-3480-1 on 15 November 2017 [3]. The updated package versions include apport 2.20.7-0ubuntu3.7 for Ubuntu 16.04 LTS and equivalent updates for other supported releases. Users should apply the update immediately. As a workaround, disabling Apport or restricting core dump file creation can reduce exposure [2].