[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-0948Date: (C)2012-06-07   (M)2023-12-22


DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-49230
BID-53604
OSVDB-82019
USN-1443-1
http://launchpadlibrarian.net/105380733/update-manager_1%3A0.156.14.3_1%3A0.156.14.4.diff.gz
update-manager-info-disclosure(75727)

CPE    6
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/a:gnome:update-manager-core:0.156.14.3
cpe:/o:canonical:ubuntu_linux:11.10
...
CWE    1
CWE-264
OVAL    1
oval:org.secpod.oval:def:700861

© SecPod Technologies