CVE-2017-14179

Vulnerability

Apport versions before 2.13 do not properly handle crashes originating from a PID namespace. This allows a local user to create certain files as root without proper access controls. The vulnerability affects all supported Ubuntu releases up to 17.10 and potentially other distributions using Apport. [1][2]

Exploitation

An attacker with local access to a system using Apport can trigger a crash in a PID namespace (e.g., inside a container) and cause Apport to write crash reports or other files as root. The attacker can manipulate the crash data to exhaust disk space (denial of service) or overwrite sensitive files such as setuid binaries or system configuration to escalate privileges or escape a container. [2]

Impact

Successful exploitation can lead to denial of service via full disk exhaustion, local privilege escalation to root, or container escape. An attacker may gain complete control over the host system or cause persistent service disruption. [1][2]

Mitigation

Upgrade Apport to version 2.13 or later, which includes the fix. Ubuntu has released updated packages for supported releases. If an immediate update is not possible, consider disabling Apport or restricting its use in container environments. [1][2]