Serious Bug Found in Ubuntu


The problem has been lurking for years, unnoticed.

An Irish security researcher Donncha O’Cearbhaill found a remote execution bug in Ubuntu’s Apport crash reporter that can infect a system with malicious code.

O’Cearbhaill wrote on his blog, “The bug allows for reliable code injection when a user simply opens a malicious file. The following video demonstrates the exploit opening the Gnome calculator. The executed payload also replaces the exploit file with a decoy zip file to cover its tracks.”

O‘Cearbhaill reports that Ubuntu will open any unknown file with apport-gtk if it begins with ProblemType . What makes things worse is that Apport is installed by default on all Ubuntu systems after 12.10, which also includes forks like Linux Mint.

If you are using any Ubuntu-based distribution, you are vulnerable. The hole has been patched, but it does expose one major problem with Linux: Often such bugs hide for years and even decades, and security experts often lack incentives for finding them. Unlike Google, which rewards such discoveries, Linux vendors often depend on the community.

Commercial Linux distributions like Ubuntu should start a reward program to encourage security researchers to find such bugs. Without enough eyes, all bugs are deep.

If you are using any Ubuntu-based distribution, please update your system immediately.


Related content

  • Feeding Seagulls Is Wrong
    "Please do not feed the seagulls" is good advice, and I'm not really talking about seagulls.
  • Tech News:
    News for system administrators around the world.
  • Ubuntu Business Desktop Remix 12.04 LTS
    Ubuntu Business Desktop Remix sees Canonical not only attempt to oust Windows off the enterprise desktop but also position itself as a low-budget alternative to enterprise desktops by Red Hat and SUSE.
  • Packaging Apps To Run on Any Linux Device
    Canonical's Snapcraft (Snappy) package manager creates a self-contained application that works across Linux distributions. We show you how to install, publish, and run a simple snap.
  • Container Apps
    Canonical’s Snapcraft (Snappy) package manager creates self-contained applications that work across Linux distributions. We show you how to install, publish, and run a simple snap.
comments powered by Disqus