Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0948

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-0948
Last Modified 12 Jun 2012 12:00:00
Published 07 Jun 2012 05:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-0948

Summary

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 11.04

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 12.04

Application

  • Gnome Update-manager-core 0.150.5.2

  • Gnome Update-manager-core 0.152.25.10

  • Gnome Update-manager-core 0.156.14.3


References

XF - update-manager-info-disclosure(75727)

UBUNTU - USN-1443-1

BID - 53604

SECUNIA - 49230

OSVDB - 82019

CONFIRM - http://launchpadlibrarian.net/105380733/update-manager_1%3A0.156.14.3_1%3A0.156.14.4.diff.gz


Last Updated: 27 May 2016 10:49:37