CVE-2015-1322 - OpenCVE

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Ubuntu	Network-manager

Configuration 1 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.1:::::::*

Configuration 2 [-]

cpe:2.3:a:ubuntu:network-manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.ubuntu.com/usn/USN-2581-1
https://bugs.launchpad.net/ubuntu/%2Bsource/network-manager/%2Bbug/1449245

History

No history.

MITRE

Status: PUBLISHED

Assigner: canonical

Published: 2015-04-29T20:00:00

Updated: 2024-08-06T04:40:18.319Z

Reserved: 2015-01-22T00:00:00

Link: CVE-2015-1322

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2015-04-29T20:59:01.247

Modified: 2016-05-26T13:48:48.450

Link: CVE-2015-1322

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-28T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-04-06T18:57:01", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/network-manager/%2Bbug/1449245"}, {"name": "USN-2581-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2581-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2015-1322", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/network-manager/%2Bbug/1449245", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/network-manager/%2Bbug/1449245"}, {"name": "USN-2581-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2581-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:40:18.319Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/network-manager/%2Bbug/1449245"}, {"name": "USN-2581-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2581-1"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2015-1322", "datePublished": "2015-04-29T20:00:00", "dateReserved": "2015-01-22T00:00:00", "dateUpdated": "2024-08-06T04:40:18.319Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6E0D7C3-E368-4F6C-AA67-8E066BB35654", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ubuntu:network-manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "14BD3EAE-16F0-4B23-908C-E722D69F02C9", "versionEndIncluding": "0.9.8.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts)."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en el paquete network-manager de Ubuntu para Ubuntu (vivid) en versiones anteriores a 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 en versiones anteriores a 0.9.8.8-0ubuntu28.1 y Ubuntu 14.04 LTS en versiones anteriores a 0.9.8.8-0ubuntu7.1 permite a usuarios locales cambiar la configuraci\u00f3n del dispositvo modem o leer archivos arbitrarios a trav\u00e9s de un .. (punto punto) en el nombre de archivo en una petici\u00f3n para leer contextos del dispositivo modem (com.canonical.NMOfono.ReadImsiContexts)."}], "id": "CVE-2015-1322", "lastModified": "2016-05-26T13:48:48.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-29T20:59:01.247", "references": [{"source": "security@ubuntu.com", "url": "http://www.ubuntu.com/usn/USN-2581-1"}, {"source": "security@ubuntu.com", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/network-manager/%2Bbug/1449245"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}