CVE-2016-1579
MEDIUMUDM <1.2+16.04.20160408-0ubuntu1 - Command Injection
Title source: llmDescription
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://bazaar.launchpad.net/~phablet-team/ubuntu-download-manager/trunk/revision/359
Scores
CVSS v3
6.7
EPSS
0.0077
EPSS Percentile
51.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (1)
canonical/ubuntu_download_manager
Published
Apr 22, 2019
Tracked Since
Feb 18, 2026