Information Disclosure Vulnerability in Update Manager

Information Disclosure Vulnerability in Update Manager

CVE-2012-0950 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.

Learn more about our Cis Benchmark Audit For Ubuntu Linux.