Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) prior to 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 prior to 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS prior to 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 15.1 |
||
ubuntu network-manager |