CVE-2012-0948
Published: 17 May 2012
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
Priority
Status
Package | Release | Status |
---|---|---|
update-manager Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
|
lucid |
Not vulnerable
|
|
natty |
Released
(1:0.150.5.3)
|
|
oneiric |
Released
(1:0.152.25.11)
|
|
precise |
Released
(1:0.156.14.4)
|
|
upstream |
Needs triage
|