Unrestricted Command Execution Vulnerability in UDM

Unrestricted Command Execution Vulnerability in UDM

CVE-2016-1579 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.

Learn more about our Cis Benchmark Audit For Ubuntu Linux.