
Ubuntu update for ubiquity-slideshow-ubuntu


Secunia ID

SA50563

CVE-ID

CVE-2012-0956

Release Date

11 Sep 2012

Criticality

Not Critical

Solution Status

Vendor Patch

Where

From remote

Impact
Spoofing

This covers various vulnerabilities where it is possible for malicious users or people to impersonate other users or systems.

Description

Ubuntu has issued an update for ubiquity-slideshow-ubuntu. This fixes a weakness, which can be exploited by malicious people to conduct spoofing attacks.

The weakness is caused by the application incorrectly validating Twitter feeds during system installation and can be exploited to, for example, spoof a Twitter feed via Man-in-the-Middle (MitM) attacks.

This can further be exploited to conduct cross-site scripting attacks and disclose the contents of arbitrary local files.
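
As an added illustration of the rendering side of this weakness (not code from ubiquity-slideshow-ubuntu or the vendor patch), the following treats a fetched feed as untrusted data: text is HTML-escaped and links are limited to https on an allowed host, so a substituted feed cannot inject script or file: URLs into the page. The JSON shape, the field names `text` and `url`, and the allowed host are assumptions.

```javascript
// Added example. Feed shape, field names and allowed host are assumptions.
const ALLOWED_LINK_HOSTS = new Set(["twitter.com"]);

// Escape the HTML-significant characters so feed text renders as text only.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Return a normalized https URL on an allowed host, or null for anything else
// (file:, javascript:, data:, plain http, unknown hosts, embedded credentials).
function safeLink(raw) {
  let u;
  try { u = new URL(String(raw)); } catch { return null; }
  if (u.protocol !== "https:") return null;
  if (u.username || u.password) return null;
  if (!ALLOWED_LINK_HOSTS.has(u.hostname)) return null;
  return u.href;
}

// Render one feed entry; entries without a string "text" field are rejected.
function renderEntry(entry) {
  if (entry === null || typeof entry !== "object") return null;
  if (typeof entry.text !== "string") return null;
  const text = escapeHtml(entry.text.slice(0, 280));
  const href = safeLink(entry.url);
  return href
    ? `<li><a href="${escapeHtml(href)}">${text}</a></li>`
    : `<li>${text}</li>`;
}

// Parse the response body strictly as a JSON array; anything else yields nothing.
function renderFeed(body) {
  let entries;
  try { entries = JSON.parse(body); } catch { return []; }
  if (!Array.isArray(entries)) return [];
  return entries.map(renderEntry).filter((html) => html !== null);
}

// Constructed sample: one ordinary entry and three a substituted feed might carry.
const SAMPLE_FEED = JSON.stringify([
  { text: "Ubuntu 12.04 LTS released", url: "https://twitter.com/ubuntu/status/1" },
  { text: "<script>alert(1)</script>", url: "file:///etc/passwd" },
  { text: "click", url: "javascript:alert(1)" },
  { html: "<b>no text field</b>" },
]);
```

Escaping limits what a substituted feed can do once rendered; it does not authenticate the feed, which still requires a verified transport.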

Solution

Apply updated packages.

-- Ubuntu 12.04 LTS --
https://launchpad.net/ubuntu/+source/ubiquity-slideshow-ubuntu/58.2

Reported by

Paul Mutton

Original Advisory

USN-1561-1:
http://www.ubuntu.com/usn/usn-1561-1/

Paul Mutton:
https://launchpadlibrarian.net/103635884/ubuntu-12.04-desktop-xssrfa.pdf