Local User Information Disclosure in Aptdaemon for Ubuntu
CVE-2015-1323

5.5MEDIUM

Key Information:

Vendor: Canonical
Status: Ubuntu Linux
Vendor: CVE Published:; 21 July 2017

What is CVE-2015-1323?

The simulate dbus method in Aptdaemon prior to version 1.1.1+bzr982-0ubuntu3.1 enables local users to gain unauthorized access to sensitive files and information due to improper access control. This flaw can potentially expose critical data, including files with root permissions, on affected Ubuntu systems, making it imperative for users to apply relevant security updates to mitigate risks.

References

http://www.securityfocus.com/bid/75221

vdb-entryx_refsource_BID

http://www.ubuntu.com/usn/USN-2648-1

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2017
Vulnerability Reserved
Jan 22, 2015

Canonical

What is CVE-2015-1323?

References

CVSS V3.1

Timeline