CVE-2015-1319 — LOW (2.1) — White Hats Nepal

Vulnerability Description

The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	14.04

Related Weaknesses (CWE)

CWE-20

References

http://www.ubuntu.com/usn/USN-2741-1PatchVendor Advisory
https://bugs.launchpad.net/ubuntu/%2Bsource/unity/%2Bbug/1438870Third Party Advisory
http://www.ubuntu.com/usn/USN-2741-1PatchVendor Advisory
https://bugs.launchpad.net/ubuntu/%2Bsource/unity/%2Bbug/1438870Third Party Advisory

FAQ

What is CVE-2015-1319?

CVE-2015-1319 is a vulnerability with a CVSS score of 2.1 (LOW). The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximat...

How severe is CVE-2015-1319?

CVE-2015-1319 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-1319?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux.