CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
5.1%
Paul Collins discovered that libimobiledevice incorrectly handled temporary
files. A local attacker could possibly use this issue to overwrite
arbitrary files and access device keys. In the default Ubuntu installation,
this issue should be mitigated by the Yama link restrictions.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.04 | noarch | libimobiledevice3 | < 1.1.4-1ubuntu6.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | libimobiledevice-dev | < 1.1.4-1ubuntu6.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | libimobiledevice-utils | < 1.1.4-1ubuntu6.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | libimobiledevice3-dbg | < 1.1.4-1ubuntu6.2 | UNKNOWN |
Ubuntu | 13.04 | noarch | python-imobiledevice | < 1.1.4-1ubuntu6.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | libimobiledevice3 | < 1.1.4-1ubuntu3.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | libimobiledevice-dev | < 1.1.4-1ubuntu3.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | libimobiledevice-utils | < 1.1.4-1ubuntu3.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | libimobiledevice3-dbg | < 1.1.4-1ubuntu3.2 | UNKNOWN |
Ubuntu | 12.10 | noarch | python-imobiledevice | < 1.1.4-1ubuntu3.2 | UNKNOWN |