Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.71677
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-1443-1 (update-manager-core)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to update-manager-core
announced via advisory USN-1443-1.

Details:

It was discovered that Update Manager created system state archive files
with incorrect permissions when upgrading releases. A local user could
possibly use this to read repository credentials. (CVE-2012-0948)

Felix Geyer discovered that the Update Manager Apport hook incorrectly
uploaded certain system state archive files to Launchpad when reporting
bugs. This could possibly result in repository credentials being included
in public bug reports. (CVE-2012-0949)

Solution:
The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
update-manager-core 1:0.152.25.11

Ubuntu 11.04:
update-manager-core 1:0.150.5.3

http://www.securityspace.com/smysecure/catid.html?in=USN-1443-1

CVSS Score:
5.0

CVSS Vector:
AV:L/AC:L/Au:NR/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0948
BugTraq ID: 53604
http://www.securityfocus.com/bid/53604
http://osvdb.org/82019
http://secunia.com/advisories/49230
http://www.ubuntu.com/usn/USN-1443-1
XForce ISS Database: update-manager-info-disclosure(75727)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75727
Common Vulnerability Exposure (CVE) ID: CVE-2012-0949
BugTraq ID: 53605
http://www.securityfocus.com/bid/53605
http://osvdb.org/82020
XForce ISS Database: update-manager-archives-info-disclosure(75728)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75728
CopyrightCopyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.