CVE-2016-1579

Summary

UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.

Affected Software

VendorProductVersion RangeStatus
UbuntuUbuntu Download Managerunspecified < 1.2+16.04.20160408-0ubuntu1affected

Weaknesses

  • Missing access control checks.

ADP Enrichment

CVE Program Container

Additional References

References