2.1 CVE-2012-0961

Patch Ransomware Risk

 

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
https://nvd.nist.gov/vuln/detail/CVE-2012-0961

Categories

CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Developers may insert sensitive information that they do not believe, or they might forget to remove the sensitive information after it has been processed Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party This term is frequently used in vulnerability advisories to describe a consequence or technical impact, for any vulnerability that has a loss of confidentiality. Often, CWE-200 can be misused to represent the loss of confidentiality, even when the mistake - i.e., the weakness - is not directly related to the mishandling of the information itself, such as an out-of-bounds read that accesses sensitive memory contents; here, the out-of-bounds read is the primary weakness, not the disclosure of the memory. In addition, this phrase is also used frequently in policies and legal documents, but it does not refer to any disclosure of security-relevant information. This is a frequently used term, however the "leak" term has multiple uses within security. In some cases it deals with the accidental exposure of information from a different weakness, but in other cases (such as "memory leak"), this deals with improper tracking of resources, which can lead to exhaustion. As a result, CWE is actively avoiding usage of the "leak" term. Enumeration of valid usernames based on inconsistent responses Account number enumeration via inconsistent responses. User enumeration via discrepancies in error messages. Telnet protocol allows servers to obtain sensitive environment information from clients. Script calls phpinfo(), revealing system configuration to web user Product sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs. Version control system allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned. Virtual machine allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method. Product immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. POP3 server reveals a password in an error message after multiple APOP commands are sent. Might be resultant from another weakness. Program reveals password in error message if attacker can trigger certain database errors. Composite: application running with high privileges (CWE-250) allows user to specify a restricted file to process, which generates a parsing error that leaks the contents of the file (CWE-209). Direct request to library file in web application triggers pathname leak in error message. Malformed regexp syntax leads to information exposure in error message. Password exposed in debug information. FTP client with debug option enabled shows password to the screen. Collaboration platform does not clear team emails in a response, allowing leak of email addresses

References

BID

OSVDB

SECUNIA

51568
Vendor Advisory

UBUNTU Patch

USN-1662-1
Patch Vendor Advisory


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:debian:advanced_package_tool:0.8.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.9.7:*:*:*:*:*:*:*

Exploits

id description date
No known exploits

CAPEC

id description severity
79 Using Slashes in Alternate Encoding
High
169 Footprinting
Very Low
224 Fingerprinting
Very Low
285 ICMP Echo Request Ping
Low
287 TCP SYN Scan
Low
290 Enumerate Mail Exchange (MX) Records
Low
291 DNS Zone Transfers
Low
292 Host Discovery
Low
293 Traceroute Route Enumeration
Low
294 ICMP Address Mask Request
Low
295 Timestamp Request
Low
296 ICMP Information Request
Low
297 TCP ACK Ping
Low
298 UDP Ping
Low
299 TCP SYN Ping
Low
300 Port Scanning
Low
301 TCP Connect Scan
Low
302 TCP FIN Scan
Low
303 TCP Xmas Scan
Low
304 TCP Null Scan
Low
305 TCP ACK Scan
Low
306 TCP Window Scan
Low
307 TCP RPC Scan
Low
308 UDP Scan
Low
309 Network Topology Mapping
Low
310 Scanning for Vulnerable Software
Low
312 Active OS Fingerprinting
Low
313 Passive OS Fingerprinting
Low
317 IP ID Sequencing Probe
Low
318 IP 'ID' Echoed Byte-Order Probe
Low
319 IP (DF) 'Don't Fragment Bit' Echoing Probe
Low
320 TCP Timestamp Probe
Low
321 TCP Sequence Number Probe
Low
322 TCP (ISN) Greatest Common Divisor Probe
Low
323 TCP (ISN) Counter Rate Probe
Low
324 TCP (ISN) Sequence Predictability Probe
Low
325 TCP Congestion Control Flag (ECN) Probe
Low
326 TCP Initial Window Size Probe
Low
327 TCP Options Probe
Low
328 TCP 'RST' Flag Checksum Probe
Low
329 ICMP Error Message Quoting Probe
Low
330 ICMP Error Message Echoing Integrity Probe
Low
472 Browser Fingerprinting
Low
497 File Discovery
Very Low
573 Process Footprinting
Low
574 Services Footprinting
Low
575 Account Footprinting
Low
576 Group Permission Footprinting
Low
577 Owner Footprinting
Low
616 Establish Rogue Location
Medium
646 Peripheral Footprinting
Medium
651 Eavesdropping
Medium
116 Excavation
Medium
508 Shoulder Surfing
High
643 Identify Shared Files/Directories on System
Medium
22 Exploiting Trust in Client
High
59 Session Credential Falsification through Prediction
High
60 Reusing Session IDs (aka Session Replay)
High
13 Subverting Environment Variable Values
Very High

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution