Rapid7 Vulnerability & Exploit Database

USN-2184-2: Unity vulnerabilities


Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/30/2014
Created: 07/25/2018
Added: 05/02/2014
Modified: 07/09/2020

Description

USN-2184-1 fixed lock screen vulnerabilities in Unity. Further testing has uncovered more issues which have been fixed in this update. This update also fixes a regression with the shutdown dialogue. We apologize for the inconvenience.

Original advisory details:

Frédéric Bardy discovered that Unity incorrectly filtered keyboard shortcuts when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

Giovanni Mellini discovered that Unity could display the Dash in certain conditions when the screen was locked. A local attacker could possibly use this issue to run commands, and unlock the current session.

The problem can be corrected by updating your system to the following package version:

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.

LP: 1314247

Solution(s)

  • ubuntu-upgrade-unity
