Ubuntu
apport package

  1. Trusty (14.04)
  2. Bug #1648806
  3. Comment #8

Comment 8 for bug 1648806

Revision history for this message
Donncha O Cearbhaill (donnchac) wrote :

This Apport crash file exploits the Package name path traversal bug to load a Python hook file from the users Downloads directory (~/Downloads/hook.py). It would be straight forward to trick a user on Chromium as it automatically downloads files with prompt to the user's Downloads directory.