CVE-2012-0950
Ubuntu Linux - Unauthorized Exposure of Repository Credentials via Apport Hook
Title source: llmDescription
The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.
References (2)
Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/1004503
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1443-2
Scores
EPSS
0.0178
EPSS Percentile
75.6%
Details
CWE
CWE-200
Status
published
Products (3)
canonical/ubuntu_linux
11.04
canonical/ubuntu_linux
11.10
canonical/ubuntu_linux
12.04
Published
Jun 19, 2012
Tracked Since
Feb 18, 2026