Launchpad.net

CVE 2015-1323

The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions.

Related bugs and status

CVE-2015-1323 (Candidate) is related to these bugs:

Bug #1449587: SImulate dbus method doesn't require authentication

Summary				In	Importance	Status
	1449587	SImulate dbus method doesn't require authentication		aptdaemon (Ubuntu)	Critical	Fix Released

Bug #1888235: Improper Input Validation vulnerability in Locale property of a transaction leading to Information Disclosure

Summary				In	Importance	Status
	1888235	Improper Input Validation vulnerability in Locale property of a transaction leading to Information Disclosure		aptdaemon (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

UBUNTU: USN-2648-1
BID: 75221