Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title File Roller vulnerability
Informations
Name USN-4332-2 First vendor Publication 2020-04-27
Vendor Ubuntu Last vendor Modification 2020-04-27
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Overall CVSS Score 3.9
Base Score 3.9 Environmental Score 3.9
impact SubScore 2.5 Temporal Score 3.9
Exploitabality Sub Score 1.3
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction Required
Scope Unchanged Confidentiality Impact None
Integrity Impact Low Availability Impact Low
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:N/I:P/A:P)
Cvss Base Score 3.3 Attack Range Local
Cvss Impact Score 4.9 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

File Roller could be made to expose sensitive information.

Software Description: - file-roller: archive manager for GNOME

Details:

USN-4332-1 fixed vulnerabilities in File Roller. This update provides the corresponding update for Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that File Roller incorrectly handled symlinks.
An attacker could possibly use this issue to expose sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
file-roller 3.36.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4332-2
https://usn.ubuntu.com/4332-1
CVE-2020-11736

Package Information:
https://launchpad.net/ubuntu/+source/file-roller/3.36.1-1ubuntu0.1

Original Source

Url : http://www.ubuntu.com/usn/USN-4332-2

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-59 Improper Link Resolution Before File Access ('Link Following')
50 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Os 4
Os 1

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2020-05-23 13:03:46
  • Multiple Updates
2020-04-28 00:19:05
  • First insertion