PT-2012-2969 · Canonical · Update Manager+3

Felix Geyer

Publicado

2012-05-31

Atualizado

2017-08-29

CVE-2012-0949

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ubuntu versions 11.04 through 12.04 LTS

Description The issue allows remote attackers to read repository credentials by viewing a public bug report, due to the Apport hook in Update Manager uploading certain system state archive files when reporting bugs to Launchpad.

Recommendations For Ubuntu versions 11.04 through 12.04 LTS, consider restricting access to the bug reporting feature in Launchpad to minimize the risk of exploitation. As a temporary workaround, avoid using the Apport hook in Update Manager until a patch is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2012-0949

Produtos afetados

Apport

Launchpad

Ubuntu

Update Manager

PT-2012-2969 · Canonical · Update Manager+3

CVE-2012-0949

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6