CVE-2014-1420 - OpenCVE

On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu-ui-toolkit

Configuration 1 [-]

cpe:2.3:a:canonical:ubuntu-ui-toolkit:*:*:*:*:*:*:*:*

References

Link	Resource
http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182	Patch Third Party Advisory
https://launchpad.net/bugs/1348241	Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2014-07-24T00:00:00

Updated: 2020-09-10T23:55:14

Reserved: 2014-01-13T00:00:00

Link: CVE-2014-1420

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-09-11T00:15:11.733

Modified: 2020-09-16T15:10:18.080

Link: CVE-2014-1420

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "ubuntu-ui-toolkit", "vendor": "Canonical", "versions": [{"lessThan": "1.1.1188+14.10.20140813.4-0ubuntu1", "status": "affected", "version": "1.1.1188", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Olivier Tilloy"}], "datePublic": "2014-07-24T00:00:00", "descriptions": [{"lang": "en", "value": "On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-10T23:55:14", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://launchpad.net/bugs/1348241"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182"}], "source": {"defect": ["https://launchpad.net/bugs/1348241"], "discovery": "INTERNAL"}, "title": "Insecure temp file usage in Ubuntu UI toolkit", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2014-07-24T15:47:00.000Z", "ID": "CVE-2014-1420", "STATE": "PUBLIC", "TITLE": "Insecure temp file usage in Ubuntu UI toolkit"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ubuntu-ui-toolkit", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "1.1.1188", "version_value": "1.1.1188+14.10.20140813.4-0ubuntu1"}]}}]}, "vendor_name": "Canonical"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Olivier Tilloy"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/bugs/1348241", "refsource": "UBUNTU", "url": "https://launchpad.net/bugs/1348241"}, {"name": "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182", "refsource": "UBUNTU", "url": "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182"}]}, "solution": [], "source": {"advisory": "", "defect": ["https://launchpad.net/bugs/1348241"], "discovery": "INTERNAL"}, "work_around": []}}}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2014-1420", "datePublished": "2014-07-24T00:00:00", "dateReserved": "2014-01-13T00:00:00", "dateUpdated": "2020-09-10T23:55:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:ubuntu-ui-toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "81A1112E-6812-41E7-AC6A-0411EDA80487", "versionEndExcluding": "1.1.1188\\+14.10.20140813.4-0ubuntu1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1."}, {"lang": "es", "value": "En escritorio, StateSaver de Ubuntu UI Toolkit serializar\u00eda datos en archivos tmp/ que un atacante podr\u00eda usar para exponer datos potencialmente confidenciales. StateSaver tambi\u00e9n abrir\u00eda archivos sin el indicador O_EXCL. Un atacante podr\u00eda explotar esto para iniciar un ataque de enlace simb\u00f3lico, aunque esto est\u00e1 parcialmente mitigado por las restricciones de enlaces simb\u00f3licos y f\u00edsicos en Ubuntu. Corregido en versiones 1.1.1188 +14.10.20140813.4-0ubuntu1"}], "id": "CVE-2014-1420", "lastModified": "2020-09-16T15:10:18.080", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2020-09-11T00:15:11.733", "references": [{"source": "security@ubuntu.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1348241"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "security@ubuntu.com", "type": "Secondary"}]}