Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2013-2142

Published: 4 June 2013

userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.

Priority

Medium

Status

Package Release Status
libimobiledevice
Launchpad, Ubuntu, Debian 		lucid Ignored
(end of life)
precise Not vulnerable
(1.1.1-4)
quantal
Released (1.1.4-1ubuntu3.2)
raring
Released (1.1.4-1ubuntu6.2)
upstream Needed

Patches:
upstream: http://cgit.sukimashita.com/libimobiledevice.git/commit/?id=a2ddca0916ef776dbd0c6304ea36b4ca7a35302c
upstream: http://cgit.sukimashita.com/libimobiledevice.git/commit/?id=153fbe15c702d9c36551d84ee8cb25c4884fd701
upstream: http://cgit.sukimashita.com/libimobiledevice.git/commit/?id=42892465d4522cf19283b8a06bf48104bb387430
This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu. This vulnerability is mitigated in part by the use of hardlink restrictions in Ubuntu.

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading