Reading local files as root leads to sensitive information disclosure
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
packagekit (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Hi,
The InstallFiles, GetFilesLocal and GetDetailsLocal methods of the D-Bus interface to PackageKit access given files before checking for authorization. This allows non-privileged users to learn the MIME type of any file on the system.
Example in attached Python script:
$ python3 test_file_
File exists and is of MIME type: 'text/plain'
$ python3 test_file_
File does not exist
Description: Ubuntu 20.04 LTS
Release: 20.04
packagekit:
Installed: 1.1.13-2ubuntu1
Candidate: 1.1.13-2ubuntu1
Version table:
*** 1.1.13-2ubuntu1 500
500 http://
100 /var/lib/
Kind regards,
Vaisha Bernard
EYE Control B.V.
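The ordering problem described in the report, as an added illustration (not part of the original report, not PackageKit's code and not the attached patch): a privileged handler that inspects the path before the authorization check returns file-dependent errors to an unauthorized caller, while one that authorizes first returns the same reply for every path. `inspect_file`, both handlers, the reply codes and the crude type sniffing are hypothetical stand-ins.

```c
#include <stdio.h>
#include <string.h>
enum result { R_OK, R_NOT_AUTHORIZED, R_NO_SUCH_FILE, R_UNSUPPORTED_TYPE };
struct reply { enum result code; const char *mime; /* NULL when not disclosed */ };

/* Hypothetical stand-in for the daemon's privileged file inspection. */
static struct reply inspect_file(const char *path)
{
    unsigned char buf[8] = {0};
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return (struct reply){ R_NO_SUCH_FILE, NULL };
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    /* .deb packages are ar archives and start with "!<arch>\n". */
    if (n == 8 && memcmp(buf, "!<arch>\n", 8) == 0)
        return (struct reply){ R_OK, "application/vnd.debian.binary-package" };
    const char *mime = memchr(buf, 0, n) ? "application/octet-stream" : "text/plain";
    return (struct reply){ R_UNSUPPORTED_TYPE, mime };
}

/* Order described in the report: the path is inspected first, so the
 * error returned to an unauthorized caller depends on the file. */
struct reply handle_inspect_first(int authorized, const char *path)
{
    struct reply r = inspect_file(path);
    if (r.code != R_OK)
        return r;
    if (!authorized)
        return (struct reply){ R_NOT_AUTHORIZED, NULL };
    return r;
}

/* Authorization first: an unauthorized caller gets the same reply for
 * every path, and the file is never opened on their behalf. */
struct reply handle_authorize_first(int authorized, const char *path)
{
    if (!authorized)
        return (struct reply){ R_NOT_AUTHORIZED, NULL };
    return inspect_file(path);
}

int main(void)
{
    const char *p = "/etc/hostname"; /* sample path; caller is unauthorized */
    printf("inspect first: %d, authorize first: %d\n",
           handle_inspect_first(0, p).code, handle_authorize_first(0, p).code);
    return 0;
}
```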
CVE References
Changed in packagekit (Ubuntu):
status: New → Triaged
information type: Private Security → Public Security
Attached patch