CVE-2012-0950

Ubuntu Linux - Unauthorized Exposure of Repository Credentials via Apport Hook

Title source: llm
STIX 2.1

Description

The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1443-2

Scores

EPSS 0.0178
EPSS Percentile 75.6%

Details

CWE
CWE-200
Status published
Products (3)
canonical/ubuntu_linux 11.04
canonical/ubuntu_linux 11.10
canonical/ubuntu_linux 12.04
Published Jun 19, 2012
Tracked Since Feb 18, 2026