DescriptionDirectory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before, Ubuntu 14.10 before, and Ubuntu 14.04 LTS before allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
network-manager (PTS)stretch1.6.2-3+deb9u2fixed
bookworm, sid1.32.12-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
network-managersource(unstable)(not affected)


- network-manager <not-affected> (Ubuntu specific patch)

Search for package or bug name: Reporting problems