Local User Information Disclosure in Aptdaemon for Ubuntu
CVE-2015-1323

5.5MEDIUM

Key Information:

Vendor
Canonical
Status
Ubuntu Linux
Vendor
CVE Published:
21 July 2017

Summary

The simulate dbus method in Aptdaemon prior to version 1.1.1+bzr982-0ubuntu3.1 enables local users to gain unauthorized access to sensitive files and information due to improper access control. This flaw can potentially expose critical data, including files with root permissions, on affected Ubuntu systems, making it imperative for users to apply relevant security updates to mitigate risks.

References

http://www.securityfocus.com/bid/75221
vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-2648-1
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.