Unrestricted Command Execution Vulnerability in UDM
CVE-2016-1579 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
UDM provides support for running commands after a download is completed, this is currently made use of for click package installation. This functionality was not restricted to unconfined applications. Before UDM version 1.2+16.04.20160408-0ubuntu1 any confined application could make use of the UDM C++ API to run arbitrary commands in an unconfined environment as the phablet user.
Learn more about our Cis Benchmark Audit For Ubuntu Linux.