Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
References
Link | Resource |
---|---|
http://www.ubuntu.com/usn/USN-1662-1 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/56917 | |
http://secunia.com/advisories/51568 | Vendor Advisory |
http://osvdb.org/88380 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2012-12-26 14:55
Updated : 2020-01-08 07:13
NVD link : CVE-2012-0961
Mitre link : CVE-2012-0961
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
debian
- apt
- advanced_package_tool