Information Disclosure in Update Manager for Ubuntu
CVE-2012-0948

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Update-manager-core
Vendor: CVE Published:; 7 June 2012

Summary

An identified vulnerability in the Update Manager for specific versions of Ubuntu allows local users to exploit weak permissions on critical files, namely apt-clone_system_state.tar.gz and system_state.tar.gz. This exposure potentially permits unauthorized access to sensitive repository credentials, compromising the integrity of the system. Users are advised to review their permissions and apply recommended patches to safeguard their systems.

References

http://osvdb.org/82019

vdb-entryx_refsource_OSVDB

http://www.ubuntu.com/usn/USN-1443-1

vendor-advisoryx_refsource_UBUNTU

https://exchange.xforce.ibmcloud.com/vulnerabilities/75727

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 7, 2012
Vulnerability Reserved
Feb 1, 2012