CVE-2015-1322

Name of the Vulnerable Software and Affected Versions Ubuntu network-manager package versions prior to 0.9.10.0-4ubuntu15.1 Ubuntu network-manager package versions prior to 0.9.8.8-0ubuntu28.1 Ubuntu network-manager package versions prior to 0.9.8.8-0ubuntu7.1

Description A directory traversal issue exists, allowing local users to modify modem device configurations or read arbitrary files by including a .. (dot dot) in the file name within a request to read modem device contexts, specifically through com.canonical.NMOfono.ReadImsiContexts.

Recommendations For Ubuntu vivid before 0.9.10.0-4ubuntu15.1, update to version 0.9.10.0-4ubuntu15.1 or later. For Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, update to version 0.9.8.8-0ubuntu28.1 or later. For Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1, update to version 0.9.8.8-0ubuntu7.1 or later.