CVE-2012-0949

EUVD-2012-0972
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
11.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
update-manager
hardy
not-affected
lucid
not-affected
natty
Fixed 1:0.150.5.3
released
oneiric
Fixed 1:0.152.25.11
released
precise
Fixed 1:0.156.14.4
released
Common Weakness Enumeration
References
http://osvdb.org/82020
http://secunia.com/advisories/49230
http://www.securityfocus.com/bid/53605
http://www.ubuntu.com/usn/USN-1443-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/75728
http://osvdb.org/82020
http://secunia.com/advisories/49230
http://www.securityfocus.com/bid/53605
http://www.ubuntu.com/usn/USN-1443-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/75728