Mdeslaur

Name of the Vulnerable Software and Affected Versions Sudo versions through 1.9.17p2 Description A failure of a setuid, setgid, or setgroups call during a privilege drop before running the mailer is not a fatal error and can lead to privilege escalation. Recommendations Update Sudo to a version later than 1.9.17p2.

**Name of the Vulnerable Software and Affected Versions** gnome-control-center (affected versions not specified) **Description** The issue concerns the configuration of gnome-control-center in Ubuntu, which allowed Remote Desktop Sharing to be enabled by default. Additionally, turning off RDP Remote Desktop Sharing with gnome-control-center would only disable it for the current session, and it would be re-enabled upon logging back in without any user interaction or notification. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** remote-login-service versions 1.0.0-0ubuntu3 and prior versions **Description** The cryptographic algorithm used in remote-login-service to cache usernames and passwords is insecure, allowing an attacker to potentially recover usernames and passwords from the file. **Recommendations** For versions 1.0.0-0ubuntu3 and prior, update to a version that uses a secure cryptographic algorithm for caching usernames and passwords. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** software-properties versions prior to 0.92 **Description** The issue is related to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. The software didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. **Recommendations** For software-properties versions prior to 0.92, update to version 0.92 to resolve the issue. As a temporary workaround, consider disabling the use of TLS connections or ensuring a valid certificate bundle is provided when using python3 until the update is applied. Restrict access to the `softwareproperties/ppa.py` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** trust-store (Ubuntu) versions prior to 1.1.0+15.04.20150123-0ubuntu1 trust-store (Ubuntu RTM) versions prior to 1.1.0+15.04.20150123~rtm-0ubuntu1 **Description** The issue arises when a user revokes location access from an application in Ubuntu's trust-store. Despite the revocation, the location remains accessible to the application due to it honoring incorrect, cached permissions. This occurs because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. **Recommendations** For trust-store (Ubuntu) versions prior to 1.1.0+15.04.20150123-0ubuntu1, update to version 1.1.0+15.04.20150123-0ubuntu1 or later. For trust-store (Ubuntu RTM) versions prior to 1.1.0+15.04.20150123~rtm-0ubuntu1, update to version 1.1.0+15.04.20150123~rtm-0ubuntu1 or later.

**Name of the Vulnerable Software and Affected Versions** signond versions prior to 8.57+15.04.20141127.1-0ubuntu1 **Description** The issue is related to the signond application, which did not properly restrict other applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. This could allow an attacker to create a malicious click app that collects oauth tokens for other applications, potentially exposing sensitive information. **Recommendations** For versions prior to 8.57+15.04.20141127.1-0ubuntu1, update to version 8.57+15.04.20141127.1-0ubuntu1 or later to resolve the issue. As a temporary workaround, consider restricting the use of oath tokens or implementing additional security measures to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GNU Libc (affected versions not specified) Description: The issue is related to a mitigation bypass, where an attacker may bypass ASLR using the cache of thread stack and heap. The component affected is glibc. It is noted that upstream comments indicate this is being treated as a non-security bug and no real threat. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: glibc (affected versions not specified) Description: The issue concerns a mitigation bypass in glibc, allowing an attacker to potentially guess the heap addresses of pthread-created threads. The vendor's stance is that ASLR bypass itself is not considered a vulnerability. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** unity-firefox-extension versions prior to 3.0.0+14.04.20140416-0ubuntu1.14.04.1 **Description** The issue is related to resource release errors in the unity-firefox-extension package. It can be exploited by a remote attacker to cause a denial of service. The exploitation involves tricking the package into dropping a C callback that is still in use, leading to a crash when Firefox attempts to free it. This can be achieved by adding an action to the launcher and updating it with new callbacks until a rate limit is hit. **Recommendations** For versions prior to 3.0.0+14.04.20140416-0ubuntu1.14.04.1, update to version 3.0.0+14.04.20140416-0ubuntu1.14.04.1 or later of unity-firefox-extension to resolve the issue. Alternatively, consider disabling the unity-firefox-extension package entirely, as done in the fixed versions of libunity-webapps, to prevent the attack.

**Name of the Vulnerable Software and Affected Versions** unity-firefox-extension versions prior to 3.0.0+14.04.20140416-0ubuntu1.14.04.1 **Description** The issue is related to the unity-firefox-extension package, which could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. The problem is also associated with resource release errors. **Recommendations** For versions prior to 3.0.0+14.04.20140416-0ubuntu1.14.04.1, update to version 3.0.0+14.04.20140416-0ubuntu1.14.04.1 or later, which ships an empty package and thus disables the extension entirely. As a temporary workaround, consider disabling the unity-firefox-extension to prevent potential crashes.

**Name of the Vulnerable Software and Affected Versions** Unity Settings Daemon versions prior to 14.04.0+14.04.20150825-0ubuntu2 Unity Settings Daemon versions 15.04.x prior to 15.04.1+15.04.20150408-0ubuntu1.2 **Description** The issue allows physically proximate attackers to mount removable media while the screen is locked, as demonstrated by inserting a USB thumb drive, due to the Unity Settings Daemon not properly detecting if the screen is locked. **Recommendations** For Unity Settings Daemon versions prior to 14.04.0+14.04.20150825-0ubuntu2, update to version 14.04.0+14.04.20150825-0ubuntu2 or later. For Unity Settings Daemon versions 15.04.x prior to 15.04.1+15.04.20150408-0ubuntu1.2, update to version 15.04.1+15.04.20150408-0ubuntu1.2 or later.

**Name of the Vulnerable Software and Affected Versions** Light Display Manager (LightDM) versions prior to 1.1.1 **Description** The issue allows local users to read arbitrary files via a symlink attack on the ~/.dmrc file. This is due to a flaw in the dmrc.c component of LightDM. **Recommendations** For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ~/.dmrc file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ubuntu Metal as a Service (MaaS) versions 1.2 and 1.4 **Description** The issue allows local users to obtain RabbitMQ authentication credentials by reading a file with world-readable permissions. This affects the txlongpoll.yaml file. **Recommendations** For Ubuntu Metal as a Service (MaaS) version 1.2, update the permissions of the txlongpoll.yaml file to restrict access. For Ubuntu Metal as a Service (MaaS) version 1.4, update the permissions of the txlongpoll.yaml file to restrict access.

**Name of the Vulnerable Software and Affected Versions** MAAS versions prior to 13.10 **Description** The issue allows remote attackers to modify downloaded files via a man-in-the-middle (MITM) attack because the integrity of these files is not verified. **Recommendations** For versions prior to 13.10, update to version 13.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LightDM versions 1.7.5 through 1.8.3 LightDM versions 1.9.x before 1.9.2 **Description** The issue allows local users to bypass intended restrictions by leveraging the Guest account, as the AppArmor profile is not applied to it. **Recommendations** For versions 1.7.5 through 1.8.3, update to a version that applies the AppArmor profile to the Guest account. For versions 1.9.x before 1.9.2, update to version 1.9.2 or later to ensure the AppArmor profile is applied to the Guest account.

**Name of the Vulnerable Software and Affected Versions** unity-firefox-extension version 2.4.1 **Description** The issue allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted webpage, due to the exposure of the `toDataURL` function in an API call in the `content/unity-api.js` file. **Recommendations** For version 2.4.1, consider disabling the `toDataURL` function in the `content/unity-api.js` file as a temporary workaround until a patch is available. Restrict access to the unity-firefox-extension to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Update Manager versions used by Ubuntu 12.04 LTS, 11.10, and 11.04 **Description** The issue allows remote attackers to read repository credentials by viewing a public bug report, as the Apport hook in Update Manager uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad. **Recommendations** For Ubuntu 12.04 LTS, 11.10, and 11.04, consider restricting access to the bug reporting feature in Update Manager until a proper fix is applied. As a temporary workaround, avoid using the Apport hook (DistUpgradeApport.py) in Update Manager for bug reporting until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** gnome-screensaver version 2.26.1 **Description** The issue allows physically proximate attackers to access an unattended workstation where screen locking was intended, due to gnome-screensaver relying on the gnome-session D-Bus interface to determine session idle time. This occurs even when using an Xfce desktop, such as Xubuntu or Mythbuntu. **Recommendations** For gnome-screensaver version 2.26.1, consider disabling the use of the gnome-session D-Bus interface for determining session idle time as a temporary workaround, until a patch is available. Restrict access to the workstation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Poppler versions prior to 0.10.6 **Description** The issue is related to an integer overflow in the JBIG2 decoding feature, which can be exploited by remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. This is related to vectors involving the CairoOutputDev feature in the CairoOutputDev.cc file. **Recommendations** For versions prior to 0.10.6, update to version 0.10.6 or later to resolve the issue. As a temporary workaround, consider disabling the JBIG2 decoding feature until a patch is available. Restrict access to the CairoOutputDev feature to minimize the risk of exploitation.