Local Information Disclosure in Ubuntu APT Products
CVE-2012-0961

Currently unrated

Key Information:

Vendor: Debian
Status: Apt; Advanced Package Tool
Vendor: CVE Published:; 26 December 2012

Summary

This vulnerability in Ubuntu's APT package manager arises from misconfigured permissions of the /var/log/apt/term.log file, which is set to be world-readable. This oversight allows local users to gain unauthorized access to sensitive information stored in the log file, potentially exposing shell commands and other critical data executed by the APT system. Proper permissions should be enforced to mitigate the risk of information disclosure.

References

http://www.securityfocus.com/bid/56917

vdb-entryx_refsource_BID

http://secunia.com/advisories/51568

third-party-advisoryx_refsource_SECUNIA

http://www.ubuntu.com/usn/USN-1662-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 26, 2012