Vulnerability Description
Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full pathname in the sources_list argument, related to the D-Bus interface.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sebastian Heinlein | Aptdaemon | 0.40 |
| Canonical | Ubuntu Linux | 10.10 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/46490
- http://www.securitytracker.com/id?1025107
- http://www.ubuntu.com/usn/USN-1068-1Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0459Vendor Advisory
- https://bugs.launchpad.net/bugs/722228
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65652
- http://www.securityfocus.com/bid/46490
- http://www.securitytracker.com/id?1025107
- http://www.ubuntu.com/usn/USN-1068-1Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0459Vendor Advisory
- https://bugs.launchpad.net/bugs/722228
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65652
FAQ
What is CVE-2011-0725?
CVE-2011-0725 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full p...
How severe is CVE-2011-0725?
CVE-2011-0725 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0725?
Check the references section above for vendor advisories and patch information. Affected products include: Sebastian Heinlein Aptdaemon, Canonical Ubuntu Linux.