CVE-2015-1323

NameCVE-2015-1323
DescriptionThe simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged in Ubuntu 12.04 LTS allows local users to obtain sensitive information, or access files with root permissions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-261-1
NVD severitymedium (attack range: local)
Debian Bugs789162

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
aptdaemon (PTS)wheezy0.45-2+deb7u1fixed
jessie1.1.1-4+deb8u1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
aptdaemonsource(unstable)1.1.1+bzr982-1medium789162
aptdaemonsourcejessie1.1.1-4+deb8u1medium
aptdaemonsourcesqueeze0.31+bzr413-1.1+deb6u1mediumDLA-261-1
aptdaemonsourcewheezy0.45-2+deb7u1medium

Notes

https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1449587

Search for package or bug name: Reporting problems