CVE-2012-0948
low
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
2.1
Description
DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu 12.04 LTS, 11.10, and 11.04, uses weak permissions for (1) apt-clone_system_state.tar.gz and (2) system_state.tar.gz, which allows local users to obtain repository credentials.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Ubuntu Affected 3 releases
| Version | Status | Fixed in |
|---|---|---|
| 12.04 | Affected | โ |
| 11.10 | Affected | โ |
| 11.04 | Affected | โ |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| gnome | update-manager-core | 0.150.5.2 | |
| gnome | update-manager-core | 0.152.25.10 | |
| gnome | update-manager-core | 0.156.14.3 | |
References
- http://launchpadlibrarian.net/105380733/update-manager_1%3A0.156.14.3_1%3A0.156.14.4.diff.gz
- http://osvdb.org/82019
- http://secunia.com/advisories/49230
- http://www.securityfocus.com/bid/53604
- http://www.ubuntu.com/usn/USN-1443-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75727
- http://launchpadlibrarian.net/105380733/update-manager_1%3A0.156.14.3_1%3A0.156.14.4.diff.gz
- http://osvdb.org/82019
- http://secunia.com/advisories/49230
- http://www.securityfocus.com/bid/53604
- http://www.ubuntu.com/usn/USN-1443-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75727
CWEs
CWE-264
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.