Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0950

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-0950
Last Modified 26 Jun 2012 12:00:00
Published 19 Jun 2012 04:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0950

Summary

The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 11.04

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 12.04


References

CONFIRM - https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/1004503

UBUNTU - USN-1443-2


Last Updated: 27 May 2016 10:56:32