PT-2012-2970 · Canonical · Launchpad+2

Marc Deslauriers

Published

2012-06-19

Updated

2012-06-26

CVE-2012-0950

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Update Manager versions used by Ubuntu 12.04 LTS, 11.10, and 11.04

Description The issue allows remote attackers to read repository credentials by viewing a public bug report, as the Apport hook in Update Manager uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad.

Recommendations For Ubuntu 12.04 LTS, 11.10, and 11.04, consider restricting access to the bug reporting feature in Update Manager until a proper fix is applied. As a temporary workaround, avoid using the Apport hook (DistUpgradeApport.py) in Update Manager for bug reporting until the issue is resolved.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-0950

Affected Products

Apport

Launchpad

Update Manager

PT-2012-2970 · Canonical · Launchpad+2

CVE-2012-0950

Weakness Enumeration

Related Identifiers

Affected Products

References · 3