CVE-2012-0961

NameCVE-2012-0961
DescriptionApt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)
Debian Bugs695832

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
apt (PTS)jessie (security), jessie1.0.9.8.4fixed
stretch1.4.8fixed
buster, sid1.6.3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
aptsource(unstable)0.9.7.7low695832
aptsourcesqueeze(not affected)

Notes

[squeeze] - apt <not-affected> (Logged as 0600 in Squeeze)

Search for package or bug name: Reporting problems