[Bug 1888235] Re: Improper Input Validation vulnerability in Locale property of a transaction leading to Information Disclosure
Marc Deslauriers
1888235 at bugs.launchpad.net
Thu Sep 24 14:47:40 UTC 2020
The updates for this issue have been released:
https://ubuntu.com/security/notices/USN-4537-1
Thanks!
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptdaemon in Ubuntu.
https://bugs.launchpad.net/bugs/1888235
Title:
Improper Input Validation vulnerability in Locale property of a
transaction leading to Information Disclosure
Status in aptdaemon package in Ubuntu:
Fix Released
Bug description:
Hi,
There is no input validation on the Locale property in an apt
transaction. An unprivileged user can supply a full path to a writable
directory, which lets aptd read a file as root. Having a symlink in
place results in an error message if the file exists, and no error
otherwise. This way an unprivileged user can check for the existence
of any files on the system as root.
This is a similar type of bug as CVE-2015-1323.
See the attached Python script for details.
$ ./test_file_exists.py /root/.bashrc
File Exists!
$ ./test_file_exists.py /root/.bashrca
File does not exist!
Description: Ubuntu 20.04 LTS
Release: 20.04
aptdaemon:
Installed: 1.1.1+bzr982-0ubuntu32.1
Candidate: 1.1.1+bzr982-0ubuntu32.1
Version table:
*** 1.1.1+bzr982-0ubuntu32.1 500
500 http://nl.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
500 http://nl.archive.ubuntu.com/ubuntu focal-updates/main i386 Packages
100 /var/lib/dpkg/status
1.1.1+bzr982-0ubuntu32 500
500 http://nl.archive.ubuntu.com/ubuntu focal/main amd64 Packages
500 http://nl.archive.ubuntu.com/ubuntu focal/main i386 Packages
Kind regards,
Vaisha Bernard
EYE Control B.V.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1888235/+subscriptions
More information about the foundations-bugs
mailing list