Headline
CVE-2023-49346: Potential manipulation of the GUI being displayed and DoS potential attack for budgie-extras WeatherShow applet
Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel.
Impact
Data is read from a temporary location accessible by any user for a host.
This data determines the weather information shown to the user, so a manipulated file can present misleading content in the user's GUI.
A local attacker can pre-create this file and thus manipulate the data displayed by the weather applet. A denial of service is also possible, e.g. by placing a FIFO there. Since the applet runs in the same thread as the budgie-panel, crashing the applet can potentially crash the entire panel.
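The class of bug described above is a fixed path in a shared temporary location that any local user can create first. The following is an added example, not code from budgie-extras: it contrasts the weak pattern of trusting whatever exists at such a path with a hardened reader and writer that keep the data in a directory only the current user can access, create the file with mode 0600 and an atomic rename, and refuse to read anything that is not a regular file owned by the current user (a pre-created FIFO or symlink is rejected instead of blocking or redirecting the applet). File names and contents are constructed for the demonstration; a Linux-style POSIX filesystem is assumed.

```python
import os
import stat
import tempfile

# Constructed stand-in for a fixed, world-accessible path (assumed name).
SHARED_PATH = os.path.join(tempfile.gettempdir(), "weathershow_example.json")


def read_shared_weak(path=SHARED_PATH):
    """Weak pattern: trusts whatever object exists at a fixed shared path.
    A pre-created regular file yields attacker-chosen content; a FIFO placed
    there blocks this open() indefinitely, taking the caller down with it."""
    with open(path) as f:
        return f.read()


def private_runtime_dir():
    """Per-user directory other local users cannot read or write. Prefers
    XDG_RUNTIME_DIR when it is owned by us and not group/world accessible,
    otherwise creates a fresh mode-0700 directory."""
    base = os.environ.get("XDG_RUNTIME_DIR")
    if base and os.path.isdir(base):
        st = os.stat(base)
        if st.st_uid == os.getuid() and not (stat.S_IMODE(st.st_mode) & 0o077):
            return base
    return tempfile.mkdtemp(prefix="weathershow-")


def write_private_file(directory, name, data):
    """Create the file with mode 0600 (mkstemp's default) under a random name,
    then rename it into place. Nothing pre-existing at the final path is ever
    opened for writing, and readers see either the old or the new content."""
    fd, tmp = tempfile.mkstemp(prefix=name + ".", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    final = os.path.join(directory, name)
    os.replace(tmp, final)
    return final


def read_private_file(path):
    """Hardened reader: open without following symlinks and without blocking,
    then verify the object actually opened before reading from it."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise OSError(f"refusing non-regular file at {path}")
        if st.st_uid != os.getuid():
            raise OSError(f"refusing file owned by another user at {path}")
        if stat.S_IMODE(st.st_mode) & 0o022:
            raise OSError(f"refusing group/world-writable file at {path}")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "r") as f:
        return f.read()


def _refused(path):
    """True when the hardened reader rejects the object at path."""
    try:
        read_private_file(path)
    except OSError:
        return True
    return False


def demo():
    """Exercise the hardened writer/reader on constructed inputs in a fresh
    private directory: a normal round trip, a FIFO, and a symlink."""
    d = tempfile.mkdtemp(prefix="weathershow-demo-")
    results = {}
    path = write_private_file(d, "weather.json", '{"temp_c": 21}')
    results["round_trip"] = read_private_file(path)
    results["mode"] = stat.S_IMODE(os.stat(path).st_mode)
    fifo = os.path.join(d, "weather.fifo")
    os.mkfifo(fifo)
    results["fifo_refused"] = _refused(fifo)       # would hang read_shared_weak
    link = os.path.join(d, "weather.lnk")
    os.symlink(path, link)
    results["symlink_refused"] = _refused(link)    # O_NOFOLLOW rejects it
    return results


if __name__ == "__main__":
    print(demo())
```

The O_NONBLOCK flag is what turns the FIFO case from a hang into an error: the open returns immediately, fstat reports a FIFO rather than a regular file, and the reader bails out before the panel thread is stuck.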
Patches
The fix is included in patch release v1.7.1.
Workarounds
This issue can be mitigated if there is only one user account on the system and physical access to the host by other users is limited.
References
None.
Related news
Ubuntu Security Notice 6556-1 - It was discovered that Budgie Extras incorrectly handled certain temporary file paths. An attacker could possibly use this issue to inject false information or deny access to the application. Matthias Gerstner discovered that Budgie Extras incorrectly handled certain temporary file paths. A local attacker could use this to inject arbitrary PNG data in this path and have it displayed on the victim's desktop or deny access to the application.
Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application.