Description
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file.
References (3)
Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1284-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47024
Scores
EPSS
0.0033
EPSS Percentile
24.1%
Details
CWE
CWE-59
Status
published
Products (7)
canonical/ubuntu_linux
8.04
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
10.10
canonical/ubuntu_linux
11.04
canonical/ubuntu_linux
11.10
canonical/update-manager
1\ 0.134.7 (4 CPE variants)
canonical/update-manager
< 1\:0.87.24
Published
Apr 17, 2014
Tracked Since
Feb 18, 2026