Impact
Data used by the takeabreak budgie applet is stored in a host system location that is accessible to any user who has local access to the system.
The data file format is easily guessable; this potentially allows a local attacker to pre-create this file and have arbitrary string
content displayed instead of the actual "next time". A denial-of-service will also be possible e.g. by placing a FIFO there. Since the applet runs in the same thread for the budgie panel, by crashing the applet this can crash the entire panel.
Patches
The fix has been resolved in a patch release v1.7.1
Workarounds
This issue can be mitigated if there is only one user account on the system and limiting physical access to other users to the host system.
References
None.
Impact
Data used by the takeabreak budgie applet is stored in a host system location that is accessible to any user who has local access to the system.
The data file format is easily guessable; this potentially allows a local attacker to pre-create this file and have arbitrary string
content displayed instead of the actual "next time". A denial-of-service will also be possible e.g. by placing a FIFO there. Since the applet runs in the same thread for the budgie panel, by crashing the applet this can crash the entire panel.
Patches
The fix has been resolved in a patch release v1.7.1
Workarounds
This issue can be mitigated if there is only one user account on the system and limiting physical access to other users to the host system.
References
None.