CVE-2014-1420: Insecure temp file usage in Ubuntu UI toolkit
First published: Thu Sep 10 2020(Updated: )
On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Canonical Ubuntu-ui-toolkit | <1.1.1188\+14.10.20140813.4-0ubuntu1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/author
- agent/remedy
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/canonical
- canonical/canonical ubuntu-ui-toolkit