Problems in automatic crash analysis frameworks

Posted by Tavis Ormandy on Apr 14

Hello, this is CVE-2015-1318 and CVE-2015-1862 (essentially the same bugs in
two different implementations, apport and abrt respectively). These were
discussed on the vendors list last week.

If the first character of kern.core_pattern sysctl is a pipe, the kernel
will invoke the specified program, and pass it the core on stdin. Apport
(Ubuntu) and Abrt (Fedora) use this feature to analyze and log crashes.

Since the introduction of containers,…

Leave a Reply