Vulnerability Description
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 11.04 |
Related Weaknesses (CWE)
References
- http://osvdb.org/82020
- http://secunia.com/advisories/49230Vendor Advisory
- http://www.securityfocus.com/bid/53605
- http://www.ubuntu.com/usn/USN-1443-1Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75728
- http://osvdb.org/82020
- http://secunia.com/advisories/49230Vendor Advisory
- http://www.securityfocus.com/bid/53605
- http://www.ubuntu.com/usn/USN-1443-1Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75728
FAQ
What is CVE-2012-0949?
CVE-2012-0949 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repos...
How severe is CVE-2012-0949?
CVE-2012-0949 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0949?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux.