CVE-2012-0961

CWE-200 — Information Exposure6 documents6 sources

Severity

2.1LOW

EPSS

0.1%

top 83.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Advanced Package Tool Debian APT

Timeline

PublishedDec 26

Latest updateMay 13

Description

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶Debianapt< 0.9.7.7+3

▶NVDdebian/apt0.9.7

▶NVDdebian/advanced_package_tool0.8.16

Patches

Patch: www.ubuntu.com ↗Patch: www.ubuntu.com ↗

🔴Vulnerability Details

GHSA

GHSA-xq9m-84rg-77f9: Apt 0↗2022-05-13

▶

CVEList

CVE-2012-0961: Apt 0↗2012-12-26

▶

OSV

CVE-2012-0961: Apt 0↗2012-12-26

▶

📋Vendor Advisories

Ubuntu

APT vulnerability↗2012-12-12

▶

Debian

CVE-2012-0961: apt - Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x b...↗2012

▶