Local File Exposure in Update Manager by Canonical
CVE-2011-3154

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Update-manager
Vendor: CVE Published:; 17 April 2014

What is CVE-2011-3154?

The Update Manager in Canonical's Ubuntu prior to specified versions is susceptible to a local vulnerability where temporary files are not securely created, potentially allowing local users to exploit symlink attacks to access sensitive information contained within the XAUTHORITY file. This vulnerability highlights the risks associated with insufficient file handling and symlink management in software applications.

References

https://bugs.launchpad.net/ubuntu/+source/update-manager/...

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-1284-1

vendor-advisoryx_refsource_UBUNTU

http://secunia.com/advisories/47024

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2014
Vulnerability Reserved
Aug 16, 2011