ioasis / google-security-research

Automatically exported from code.google.com/p/google-security-research
2 stars 0 forks source link

Linux: NetworkManager authorization problem with modem config files and arbitrary file read #412

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
http://www.ubuntu.com/usn/usn-2581-1/

---
Tavis Ormandy discovered that NetworkManager incorrectly filtered paths
when requested to read modem device contexts. A local attacker could
possibly use this issue to bypass privileges and manipulate modem device
configuration or read arbitrary files.

---

This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public.

Original issue reported on code.google.com by cev...@google.com on 28 May 2015 at 10:10

GoogleCodeExporter commented 9 years ago

Original comment by cev...@google.com on 28 May 2015 at 10:15