Vulnerability Description
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnome | Update-Manager-Core | 0.150.5.2 |
| Canonical | Ubuntu Linux | 11.04 |
Related Weaknesses (CWE)
References
- http://launchpadlibrarian.net/105380733/update-manager_1%3A0.156.14.3_1%3A0.156.
- http://osvdb.org/82019
- http://secunia.com/advisories/49230Vendor Advisory
- http://www.securityfocus.com/bid/53604
- http://www.ubuntu.com/usn/USN-1443-1Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75727
- http://launchpadlibrarian.net/105380733/update-manager_1%3A0.156.14.3_1%3A0.156.
- http://osvdb.org/82019
- http://secunia.com/advisories/49230Vendor Advisory
- http://www.securityfocus.com/bid/53604
- http://www.ubuntu.com/usn/USN-1443-1Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75727
FAQ
What is CVE-2012-0948?
CVE-2012-0948 is a vulnerability with a CVSS score of 2.1 (LOW). DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows l...
How severe is CVE-2012-0948?
CVE-2012-0948 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0948?
Check the references section above for vendor advisories and patch information. Affected products include: Gnome Update-Manager-Core, Canonical Ubuntu Linux.