On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1.
References
Link | Resource |
---|---|
http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182 | Patch Third Party Advisory |
https://launchpad.net/bugs/1348241 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2014-07-24T00:00:00
Updated: 2020-09-10T23:55:14
Reserved: 2014-01-13T00:00:00
Link: CVE-2014-1420
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-09-11T00:15:11.733
Modified: 2020-09-16T15:10:18.080
Link: CVE-2014-1420
JSON object: View
Redhat Information
No data.