695 matches found
CVE-2012-0950
The CVE-2012-0950 vulnerability concerns the Apport hook (DistUpgradeApport.py) in Ubuntu Update Manager: when reporting bugs to Launchpad it uploads /var/log/dist-upgrade, potentially exposing repository credentials in a public bug report. This exists because of an incomplete fix for CVE-2012-09...
CVE-2012-0950
The Apport hook DistUpgradeApport.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerabilit...
Design/Logic Flaw
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...
CVE-2012-0949
CVE-2012-0949 affects the Ubuntu Update Manager Apport hook (DistUpgradeApport.py) used in Ubuntu 12.04 LTS, 11.10 and 11.04. The vulnerability arises when reporting bugs to Launchpad, where certain system state archive files could be uploaded, allowing remote attackers to read repository credent...
Ubuntu 11.04 / 11.10 / 12.04 LTS : update-manager vulnerabilities (USN-1443-1)
It was discovered that Update Manager created system state archive files with incorrect permissions when upgrading releases. A local user could possibly use this to read repository credentials. CVE-2012-0948 Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain...
CVE-2012-0949
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...
openSUSE Security Update : apport (apport-816)
The apport crash watcher / handler suite contains a cron job that cleanes the world writeable /var/crash directory unsafely, allowing local attackers to remove random files on the system. CVE-2009-1295 This update fixes this. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...
Design/Logic Flaw
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors...
CVE-2009-1295
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors...
CVE-2009-1295
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors...
CVE-2009-1295
CVE-2009-1295 affects Apport crash reporter in Ubuntu 8.04/8.10/9.04 where the crash-report directory is not cleaned properly, allowing local users to delete arbitrary files via unspecified vectors. The issue is confirmed by multiple connected sources: Ubuntu USN-768-1 notes the affected Ubuntu r...
CVE-2009-1295
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors...
Ubuntu Apport本地任意文件删除漏洞
BUGTRAQ ID: 34776 Ubuntu是一款流行的Linux发行版本。 Ubuntu Apport不安全方式删除崩溃报告文件,本地攻击者可以利用漏洞删除任意文件,进行拒绝服务攻击。 目前没有详细漏洞细节提供。 Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc...
Ubuntu 8.04 LTS / 8.10 / 9.04 : Apport vulnerability (USN-768-1)
Stephane Chazelas discovered that Apport did not safely remove files from its crash report directory. If Apport had been enabled at some point, a local attacker could remove arbitrary files from the system. Note that Tenable Network Security has extracted the preceding description block directly...
USN-768-1: Apport vulnerability
Stephane Chazelas discovered that Apport did not safely remove files from its crash report directory. If Apport had been enabled at some point, a local attacker could remove arbitrary files from the system...