Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
References
Link | Resource |
---|---|
http://osvdb.org/88380 | |
http://secunia.com/advisories/51568 | Vendor Advisory |
http://www.securityfocus.com/bid/56917 | |
http://www.ubuntu.com/usn/USN-1662-1 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2012-12-26 22:55
Updated : 2024-02-28 12:00
NVD link : CVE-2012-0961
Mitre link : CVE-2012-0961
CVE.ORG link : CVE-2012-0961
JSON object : View
Products Affected
debian
- advanced_package_tool
- apt
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor