PT-2012-2969 · Canonical · Update Manager+3

Felix Geyer

Published

2012-05-31

Updated

2017-08-29

CVE-2012-0949

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Ubuntu versions 11.04 through 12.04 LTS

Description The issue allows remote attackers to read repository credentials by viewing a public bug report, due to the Apport hook in Update Manager uploading certain system state archive files when reporting bugs to Launchpad.

Recommendations For Ubuntu versions 11.04 through 12.04 LTS, consider restricting access to the bug reporting feature in Launchpad to minimize the risk of exploitation. As a temporary workaround, avoid using the Apport hook in Update Manager until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-0949

Affected Products

Apport

Launchpad

Ubuntu

Update Manager

PT-2012-2969 · Canonical · Update Manager+3

CVE-2012-0949

Weakness Enumeration

Related Identifiers

Affected Products

References · 6