CVE-2014-1420 - OpenCVE

On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu-ui-toolkit

Configuration 1 [-]

cpe:2.3:a:canonical:ubuntu-ui-toolkit:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182
https://launchpad.net/bugs/1348241

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2020-09-10T23:55:14.770958Z

Updated: 2024-09-16T17:08:12.605Z

Reserved: 2014-01-13T00:00:00

Link: CVE-2014-1420

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-11T00:15:11.733

Modified: 2020-09-16T15:10:18.080

Link: CVE-2014-1420

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ubuntu-ui-toolkit", "vendor": "Canonical", "versions": [{"lessThan": "1.1.1188+14.10.20140813.4-0ubuntu1", "status": "affected", "version": "1.1.1188", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Olivier Tilloy"}], "datePublic": "2014-07-24T00:00:00", "descriptions": [{"lang": "en", "value": "On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access ('Link Following')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-10T23:55:14", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://launchpad.net/bugs/1348241"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182"}], "source": {"defect": ["https://launchpad.net/bugs/1348241"], "discovery": "INTERNAL"}, "title": "Insecure temp file usage in Ubuntu UI toolkit", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2014-07-24T15:47:00.000Z", "ID": "CVE-2014-1420", "STATE": "PUBLIC", "TITLE": "Insecure temp file usage in Ubuntu UI toolkit"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ubuntu-ui-toolkit", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "1.1.1188", "version_value": "1.1.1188+14.10.20140813.4-0ubuntu1"}]}}]}, "vendor_name": "Canonical"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Olivier Tilloy"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59 Improper Link Resolution Before File Access ('Link Following')"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.net/bugs/1348241", "refsource": "UBUNTU", "url": "https://launchpad.net/bugs/1348241"}, {"name": "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182", "refsource": "UBUNTU", "url": "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182"}]}, "solution": [], "source": {"advisory": "", "defect": ["https://launchpad.net/bugs/1348241"], "discovery": "INTERNAL"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:42:35.314Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://launchpad.net/bugs/1348241"}, {"tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2014-1420", "datePublished": "2020-09-10T23:55:14.770958Z", "dateReserved": "2014-01-13T00:00:00", "dateUpdated": "2024-09-16T17:08:12.605Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:ubuntu-ui-toolkit:*:*:*:*:*:*:*:*", "matchCriteriaId": "81A1112E-6812-41E7-AC6A-0411EDA80487", "versionEndExcluding": "1.1.1188\\+14.10.20140813.4-0ubuntu1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL flag. An attacker could exploit this to launch a symlink attack, though this is partially mitigated by symlink and hardlink restrictions in Ubuntu. Fixed in 1.1.1188+14.10.20140813.4-0ubuntu1."}, {"lang": "es", "value": "En escritorio, StateSaver de Ubuntu UI Toolkit serializar\u00eda datos en archivos tmp/ que un atacante podr\u00eda usar para exponer datos potencialmente confidenciales. StateSaver tambi\u00e9n abrir\u00eda archivos sin el indicador O_EXCL. Un atacante podr\u00eda explotar esto para iniciar un ataque de enlace simb\u00f3lico, aunque esto est\u00e1 parcialmente mitigado por las restricciones de enlaces simb\u00f3licos y f\u00edsicos en Ubuntu. Corregido en versiones 1.1.1188 +14.10.20140813.4-0ubuntu1"}], "id": "CVE-2014-1420", "lastModified": "2020-09-16T15:10:18.080", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "security@ubuntu.com", "type": "Secondary"}]}, "published": "2020-09-11T00:15:11.733", "references": [{"source": "security@ubuntu.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://bazaar.launchpad.net/~ubuntu-sdk-team/ubuntu-ui-toolkit/staging/revision/1182"}, {"source": "security@ubuntu.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://launchpad.net/bugs/1348241"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "security@ubuntu.com", "type": "Secondary"}]}