CVE-2012-0948

Published Jun 7, 2012

Last updated 7 years ago

CVSS info 2.1

Overview

Description: DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
Source: security@ubuntu.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.1
Impact score: 2.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnome:update-manager-core:0.150.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E36F19D1-0114-4E22-82D3-2977730FC3EC"
          },
          {
            "criteria": "cpe:2.3:a:gnome:update-manager-core:0.152.25.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CE58ACB-6F92-45CF-B2C4-F52DD92B16E2"
          },
          {
            "criteria": "cpe:2.3:a:gnome:update-manager-core:0.156.14.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86A7688F-C359-4712-A676-8348FAB326C8"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References