CVE-2012-0950

The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
canonicalubuntu_linux
11.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
update-manager
precise
Fixed 1:0.156.14.5
released
oneiric
Fixed 1:0.152.25.12
released
natty
Fixed 1:0.150.5.4
released
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration
References
http://www.ubuntu.com/usn/USN-1443-2
https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/1004503
http://www.ubuntu.com/usn/USN-1443-2
https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/1004503