Impact
Data is read from a temporary location that is accessible to any user on the host.
This data is used to manipulate weather data shown to a user, potentially confusing the user's GUI.
A local attacker can pre-create this file and thus manipulate the data displayed by the weather applet. A denial of service is also possible, e.g. by placing a FIFO there. Since the applet runs in the same thread as the budgie-panel, the entire panel can potentially be crashed by crashing the applet.
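The following is an added example, not the project's code and not the change shipped in v1.7.1: one defensive way to read a file from a shared temporary directory so that a pre-created file, a symlink or a FIFO is rejected instead of being trusted or blocking the caller. The function name, the exception class and the `weather.cache` file name are assumptions made for illustration.

```python
import os
import stat
import tempfile

class UntrustedFile(Exception):
    """Raised when the file cannot be trusted as this user's own data."""

def read_own_regular_file(path, max_bytes=65536):
    """Read path only if it is a regular file owned and writable solely by us."""
    # O_NOFOLLOW refuses a symlink planted at the final path component;
    # O_NONBLOCK keeps open() from hanging on a FIFO that has no writer.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    try:
        fd = os.open(path, flags)
    except OSError as exc:
        raise UntrustedFile(f"cannot open {path}: {exc.strerror}") from exc
    try:
        # fstat() inspects the object actually opened, so the checks cannot
        # be bypassed by swapping the path after the open.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UntrustedFile("not a regular file (FIFO, device, directory)")
        if st.st_uid != os.getuid():
            raise UntrustedFile("file was created by another user")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise UntrustedFile("file is writable by group or others")
        return os.read(fd, max_bytes)  # bounded read, no unbounded allocation
    finally:
        os.close(fd)

def demo():
    """Constructed sample inputs: a private cache file, a FIFO and a symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "weather.cache")  # hypothetical file name
        fd = os.open(good, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.write(fd, b'{"temp": 21}')
        os.close(fd)
        results["good"] = read_own_regular_file(good)
        os.mkfifo(os.path.join(d, "fifo"))
        os.symlink(good, os.path.join(d, "link"))
        for name in ("fifo", "link"):
            try:
                read_own_regular_file(os.path.join(d, name))
                results[name] = "accepted"
            except UntrustedFile:
                results[name] = "rejected"
    return results
```

The ownership check only helps when the data is written by the same user who reads it; keeping such files in a per-user directory rather than a world-writable one avoids the problem at its source.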
Patches
The issue has been fixed in patch release v1.7.1.
Workarounds
This issue can be mitigated if there is only one user account on the system and physical access to the host system by other users is limited.
References
None.