CVE-2012-0948

Priority
Medium
Description
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04
LTS, 11.10, and 11.04, uses weak permissions for (1)
apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows
local users to obtain repository credentials.
References
Bugs
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):released (1:0.150.5.3)
Ubuntu 11.10 (Oneiric Ocelot):released (1:0.152.25.11)
Ubuntu 12.04 LTS (Precise Pangolin):released (1:0.156.14.4)
Ubuntu 12.10 (Quantal Quetzal):not-affected (1:0.170)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-09-04 14:14:24 UTC (commit 5702)