Information disclosure in Debian Advanced_package_tool

CVE-2012-0961

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which…

Vulnerability class: Information Disclosure

EPSS: 0.004 (26.9th percentile) — read the EPSS interpretation.

Affected products

Debian Advanced_package_tool — versions 0.8.16
Debian Apt — versions 0.9.7
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

security@ubuntu.com (vdb-entry, x_refsource_BID)
security@ubuntu.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
security@ubuntu.com (x_refsource_UBUNTU, vendor-advisory, Patch, Vendor Advisory)
security@ubuntu.com (x_refsource_OSVDB, vdb-entry)