Your submission was sent successfully! Close

CVE-2012-0948

Published: 17 May 2012

DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.

Priority

Medium

Status

Package Release Status
update-manager
Launchpad, Ubuntu, Debian
hardy Not vulnerable

lucid Not vulnerable

natty
Released (1:0.150.5.3)
oneiric
Released (1:0.152.25.11)
precise
Released (1:0.156.14.4)
upstream Needs triage