CVE-2012-0949: Infoleak
First published: Thu May 31 2012(Updated: )
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ubuntu | =11.04 | |
| Ubuntu | =11.10 | |
| Ubuntu | =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0949?
CVE-2012-0949 is considered a medium severity vulnerability due to the potential exposure of sensitive information.
How do I fix CVE-2012-0949?
To fix CVE-2012-0949, users should upgrade to a patched version of Ubuntu that eliminates the insecure behavior in the Apport hook.
What systems are affected by CVE-2012-0949?
CVE-2012-0949 affects Ubuntu versions 11.04, 11.10, and 12.04 LTS.
What type of vulnerability is CVE-2012-0949?
CVE-2012-0949 is an information disclosure vulnerability that allows remote attackers to read sensitive data.
Can I report CVE-2012-0949 if I encounter it in my system?
Yes, you should report CVE-2012-0949 to the appropriate security channels or the Ubuntu security team for further investigation.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/11.04
- version/ubuntu/11.10
- version/ubuntu/12.04