CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-0950

The Apport hook (DistUpgradeApport.py) in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0949.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.3%

CVSS Severity

CVSS v2 Score 5.0

References

http://www.ubuntu.com/usn/USN-1443-2
https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/1004503
http://www.ubuntu.com/usn/USN-1443-2
https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/1004503

Products affected by CVE-2012-0950

Canonical » Ubuntu Linux » Version: 11.04

cpe:2.3:o:canonical:ubuntu_linux:11.04
Canonical » Ubuntu Linux » Version: 11.10

cpe:2.3:o:canonical:ubuntu_linux:11.10
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-0950

Products

Pricing

Contact Us