The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/1004503 | |
http://www.ubuntu.com/usn/USN-1443-2 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-06-19 13:55
Updated : 2012-06-25 21:00
NVD link : CVE-2012-0950
Mitre link : CVE-2012-0950
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
canonical
- ubuntu_linux