CVE-2013-1067

EUVD-2013-1107
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
canonicalubuntu_linux
13.04
canonicalubuntu_linux
13.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apport
lucid
ignored
precise
Fixed 2.0.1-0ubuntu17.6
released
quantal
Fixed 2.6.1-0ubuntu13
released
raring
Fixed 2.9.2-0ubuntu8.5
released
saucy
Fixed 2.12.5-0ubuntu2.1
released
Common Weakness Enumeration
References
http://www.ubuntu.com/usn/USN-2007-1
http://www.ubuntu.com/usn/USN-2007-1