Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0863

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-0863
Last Modified 01 May 2012 09:45:22
Published 30 Apr 2012 10:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-0863

Summary

Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.

Vulnerable Systems

Application

  • Mumble 1.2.0

  • Mumble 1.2.2

  • Mumble 1.2.3


References

CONFIRM - https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=791000

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405

MLIST - [oss-security] 20120215 Re: CVE request: mumble local information disclosure

MLIST - [oss-security] 20120215 CVE request: mumble local information disclosure

DEBIAN - DSA-2411

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=403939

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039


Last Updated: 27 May 2016 10:49:35