4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
10.1%
Directory traversal vulnerability in the Ubuntu network-manager package for
Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before
0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows
local users to change the modem device configuration or read arbitrary
files via a … (dot dot) in the file name in a request to read modem device
contexts (com.canonical.NMOfono.ReadImsiContexts).
Author | Note |
---|---|
mdeslaur | issue in ubuntu-specific ofono integration patch |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | network-manager | < 0.9.8.8-0ubuntu7.1 | UNKNOWN |
ubuntu | 14.10 | noarch | network-manager | < 0.9.8.8-0ubuntu28.1 | UNKNOWN |
ubuntu | 15.04 | noarch | network-manager | < 0.9.10.0-4ubuntu15.1 | UNKNOWN |