Launchpad.net

CVE 2015-1327

Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app.

Related bugs and status

CVE-2015-1327 (Candidate) is related to these bugs:

Bug #1456628: DBUS API doesn't prevent confined apps from passing paths to files without access

		In	Importance	Status
1456628	DBUS API doesn't prevent confined apps from passing paths to files without access	content-hub (Ubuntu)	Critical	Fix Released
1456628	DBUS API doesn't prevent confined apps from passing paths to files without access	content-hub (Ubuntu Vivid)	Critical	Fix Released
1456628	DBUS API doesn't prevent confined apps from passing paths to files without access	Canonical System Image	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bazaar.launchp...