Information Disclosure Vulnerability in reportbug by Debian
CVE-2005-0624

Currently unrated

Key Information:

Vendor: Debian
Status: Reportbug
Vendor: CVE Published:; 28 February 2005

Summary

The reportbug tool in Debian prior to version 2.62 improperly sets permissions on the .reportbugrc configuration file, making it world-readable. This oversight allows local users to access sensitive information, such as email smarthost passwords stored within the configuration file. Securing this file's permissions is critical to prevent unauthorized access and protect user credentials from being disclosed.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295407

x_refsource_CONFIRM

https://bugzilla.ubuntu.com/show_bug.cgi?id=6600

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/19504

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Mar 2, 2005
Vulnerability published
Feb 28, 2005