120 matches found
CVE-2011-3634
methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors...
CVE-2012-0950
The Apport hook DistUpgradeApport.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerabilit...
CVE-2012-0950
The CVE-2012-0950 vulnerability concerns the Apport hook (DistUpgradeApport.py) in Ubuntu Update Manager: when reporting bugs to Launchpad it uploads /var/log/dist-upgrade, potentially exposing repository credentials in a public bug report. This exists because of an incomplete fix for CVE-2012-09...
CVE-2012-0948
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for 1 apt-clonesystemstate.tar.gz and 2 systemstate.tar.gz, which allows local users to obtain repository credentials...
Default credentials
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for 1 apt-clonesystemstate.tar.gz and 2 systemstate.tar.gz, which allows local users to obtain repository credentials...
CVE-2012-0948
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for 1 apt-clonesystemstate.tar.gz and 2 systemstate.tar.gz, which allows local users to obtain repository credentials...
CVE-2012-0948
CVE-2012-0948 affects Ubuntu’s Update Manager (DistUpgrade/DistUpgradeMain.py) used in Ubuntu 12.04 LTS, 11.10, and 11.04. The vulnerability arises from weak permissions on two archive files (apt-clone_system_state.tar.gz and system_state.tar.gz), allowing local users to read repository credentia...
USN-1443-2: Update Manager vulnerability
USN-1443-1 fixed vulnerabilities in Update Manager. The fix for CVE-2012-0949 was discovered to be incomplete. This update fixes the problem. Original advisory details: Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain system state archive files to Launchpad...
CVE-2012-0950
The Apport hook DistUpgradeApport.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uploads the /var/log/dist-upgrade directory when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report. NOTE: this vulnerabilit...
CVE-2012-0949
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...
Design/Logic Flaw
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...
CVE-2012-0949
CVE-2012-0949 affects the Ubuntu Update Manager Apport hook (DistUpgradeApport.py) used in Ubuntu 12.04 LTS, 11.10 and 11.04. The vulnerability arises when reporting bugs to Launchpad, where certain system state archive files could be uploaded, allowing remote attackers to read repository credent...
CVE-2012-0949
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...
Ubuntu Update for update-manager USN-1443-1
Ubuntu Update for Linux kernel vulnerabilities USN-1443-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14431.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for update-manager USN-1443-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.n...
Ubuntu: Security Advisory (USN-1443-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 11.04 / 11.10 / 12.04 LTS : update-manager vulnerabilities (USN-1443-1)
It was discovered that Update Manager created system state archive files with incorrect permissions when upgrading releases. A local user could possibly use this to read repository credentials. CVE-2012-0948 Felix Geyer discovered that the Update Manager Apport hook incorrectly uploaded certain...
CVE-2012-0948
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for 1 apt-clonesystemstate.tar.gz and 2 systemstate.tar.gz, which allows local users to obtain repository credentials...
CVE-2012-0949
The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report...
Ubuntu: Security Advisory (USN-1283-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-1283-1: APT vulnerability
It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. CVE-2011-3634...