838 vulnerabilities found for Ubuntu by Ubuntu

CERTA-2013-AVI-188

Vulnerability from certfr_avis - Published: - Updated:

Multiple vulnerabilities have been fixed in Ubuntu Apache2. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service and privilege escalation.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Ubuntu Ubuntu Ubuntu 12.10
Ubuntu Ubuntu Ubuntu 11.10
Ubuntu Ubuntu Ubuntu 12.04 LTS
Ubuntu Ubuntu Ubuntu 10.04 LTS
Ubuntu Ubuntu Ubuntu 8.04 LTS

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 12.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 11.10",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 12.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 10.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 8.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-4557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4557"
    },
    {
      "name": "CVE-2012-4558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4558"
    },
    {
      "name": "CVE-2012-3499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3499"
    },
    {
      "name": "CVE-2013-1048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1048"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-188",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eUbuntu Apache2\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Ubuntu Apache2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1765-1 du 18 mars 2013",
      "url": "http://www.ubuntu.com/usn/usn-1765-1/"
    }
  ]
}

CERTA-2013-AVI-160

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability has been fixed in the Sudo component of Ubuntu. It allows an attacker to escalate privileges.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Ubuntu Ubuntu Ubuntu 12.04 LTS
Ubuntu Ubuntu Ubuntu 10.04 LTS
Ubuntu Ubuntu Ubuntu 8.04 LTS

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 12.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 10.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 8.04 LTS",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1775"
    }
  ],
  "links": [],
  "reference": "CERTA-2013-AVI-160",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-03-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans le composant \u003cspan\nclass=\"textit\"\u003eSudo\u003c/span\u003e de \u003cspan class=\"textit\"\u003eUbuntu\u003c/span\u003e. Elle\npermet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1754-1 du 28 f\u00e9vrier 2013",
      "url": "http://www.ubuntu.com/usn/usn-1754-1/"
    }
  ]
}

CERTA-2012-AVI-048

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability in Software Properties can be used by an attacker to install arbitrary PPA GPG keys.

Description

A vulnerability exists in the server certificate validation process of Software Properties. It allows a malicious remote user to carry out a man-in-the-middle attack, resulting in the installation of arbitrary GPG keys.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Ubuntu Ubuntu Ubuntu 10.10 ;
Ubuntu Ubuntu Ubuntu 11.10 ;
Ubuntu Ubuntu Ubuntu 11.04 ;
Ubuntu Ubuntu Ubuntu 10.04 LTS.

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 10.10 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 11.10 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 11.04 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 10.04 LTS.",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 existe dans le processus de validation du certificat\nserveur de Software Properties. Elle permet \u00e0 un utilisateur distant\nmalintentionn\u00e9 d\u0027effectuer une attaque de type homme du milieu\n(man-in-the-middle) provoquant alors l\u0027installation de cl\u00e9s GPG\narbitraires.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4407"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1352-1 du 30 janvier 2012 :",
      "url": "http://www.ubuntu.com/usn/usn-1352-1/"
    }
  ],
  "reference": "CERTA-2012-AVI-048",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans \u003cspan class=\"textit\"\u003eSoftware\nProperties\u003c/span\u003e peut \u00eatre utilis\u00e9e par un attaquant afin d\u0027installer\ndes cl\u00e9s PPA GPG arbitraires.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ubuntu Software Properties",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1352-1 du 31 janvier 2012",
      "url": null
    }
  ]
}

CERTA-2011-AVI-711

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability in the bzexe binary included in the bzip2 package allows a local user to escalate privileges.

Description

The bzexe executable compresses executables "in place". A flaw in the creation of temporary files during this compression allows a local attacker to escalate privileges by exploiting a race condition.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Ubuntu Ubuntu bzip2 package versions earlier than 1.0.5-6ubuntu1.11.04.1 for Ubuntu 11.04;
Ubuntu Ubuntu bzip2 package versions earlier than 1.0.5-4ubuntu0.2 for Ubuntu 10.04 LTS;
Ubuntu Ubuntu bzip2 package versions earlier than 1.0.5-6ubuntu1.11.10.1 for Ubuntu 11.10;
Ubuntu Ubuntu bzip2 package versions earlier than 1.0.4-2ubuntu4.2 for Ubuntu 8.04 LTS.
Ubuntu Ubuntu bzip2 package versions earlier than 1.0.5-4ubuntu1.1 for Ubuntu 10.10;

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Paquet bzip2 version inf\u00e9rieures \u00e0 1.0.5-6ubuntu1.11.04.1 pour syst\u00e8me Ubuntu 11.04 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Paquet bzip2 version inf\u00e9rieures \u00e0 1.0.5-4ubuntu0.2 pour syst\u00e8me Ubuntu 10.04 LTS ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Paquet bzip2 version inf\u00e9rieures \u00e0 1.0.5-6ubuntu1.11.10.1 pour syst\u00e8me Ubuntu 11.10 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Paquet bzip2 version inf\u00e9rieures \u00e0 1.0.4-2ubuntu4.2 pour syst\u00e8me Ubuntu 8.04 LTS.",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Paquet bzip2 version inf\u00e9rieures \u00e0 1.0.5-4ubuntu1.1 pour syst\u00e8me Ubuntu 10.10 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nL\u0027ex\u00e9cutable bzexe permet de compresser des ex\u00e9cutables \u00ab en ligne \u00bb.\nUne faille dans la cr\u00e9ation des fichiers temporaires lors de cette\ncompression permet \u00e0 un attaquant local d\u0027\u00e9lever ses privil\u00e8ges en\nexploitant une situation de concurrence (\u00ab race condition \u00bb).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-4089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4089"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1308-1 du 14 d\u00e9cembre 2011    :",
      "url": "http://www.ubuntu.com/usn/usn-1308-1/"
    }
  ],
  "reference": "CERTA-2011-AVI-711",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-12-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le binaire \u003cspan class=\"textit\"\u003ebzexe\u003c/span\u003e\ninclus dans le paquet \u003cspan class=\"textit\"\u003ebzip2\u003c/span\u003e permet \u00e0 un\nutilisateur local d\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans bzexe",
  "vendor_advisories": []
}

CERTA-2011-AVI-278

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability in the Ubuntu usb-creator package allows a malicious user to perform unauthorized operations on partition mount points.

Description

Access to a method exposed by the Ubuntu usb-creator package is not properly validated. A malicious user can therefore perform unauthorized operations on disks, such as unmounting system partitions.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Ubuntu Ubuntu Ubuntu 10.10: usb-creator package versions earlier than 0.2.25.3;
Ubuntu Ubuntu Ubuntu 11.04: usb-creator package versions earlier than 0.2.28.3;
Ubuntu Ubuntu Ubuntu 10.04: usb-creator package versions earlier than 0.2.22.3.

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 10.10 : paquet usb-creator versions inf\u00e9rieures \u00e0 0.2.25.3 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 11.04 : paquet usb-creator versions inf\u00e9rieures \u00e0 0.2.28.3 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 10.04 : paquet usb-creator versions inf\u00e9rieures \u00e0 0.2.22.3.",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLes acc\u00e8s \u00e0 une m\u00e9thode expos\u00e9e par le paquet Ubuntu d\u0027usb-creator ne\nsont pas correctement valid\u00e9s. Un utilisateur malveillant peut ainsi\neffectuer des op\u00e9rations non autoris\u00e9es sur les disques, comme le\nd\u00e9montage de partitions syst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1828"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-278",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-05-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le paquet Ubuntu de usb-creator permet \u00e0 un\nutilisateur malveillant d\u0027effectuer des op\u00e9rations non autoris\u00e9es sur\nles points de montage de partitions.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le paquet Ubuntu usb-creator",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1127-1 du 02 mai 2011",
      "url": "http://www.ubuntulinux.org/usn/usn-1127-1"
    }
  ]
}

CERTA-2011-AVI-273

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability allowing a malicious person to trigger a denial of service has been discovered in Vino.

Description

A vulnerability has been discovered in Vino. It allows a malicious user to cause a denial of service by sending specially crafted packets.

Solution

Version 2.32.1-0ubuntu2.1 of the Vino package fixes this issue for Ubuntu 11.04.
Version 2.32.0-0ubuntu1.2 of the Vino package fixes this issue for Ubuntu 10.10.
Version 2.28.2-0ubuntu2.1 of the Vino package fixes this issue for Ubuntu 10.04 LTS.
Version 2.22.2-0ubuntu1.1 of the Vino package fixes this issue for Ubuntu 8.04 LTS.
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Ubuntu Ubuntu Ubuntu 10.04 LTS ;
Ubuntu Ubuntu Ubuntu 10.10 ;
Ubuntu Ubuntu Ubuntu 11.4 ;
Ubuntu Ubuntu Ubuntu 8.04 LTS.

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 10.04 LTS ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 10.10 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 11.4 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 8.04 LTS.",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Vino. Elle permet \u00e0 un\nutilisateur malintentionn\u00e9 d\u0027effectuer un d\u00e9ni de service via l\u0027envoi de\npaquets sp\u00e9cialement con\u00e7us.\n\n## Solution\n\nLa version 2.32.1-0ubuntu2.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 11.04.  \nLa version 2.32.0-0ubuntu1.2 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 10.10.  \nLa version 2.28.2-0ubuntu2.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 10.04 LTS.  \nLa version 2.22.2-0ubuntu1.1 du paquet Vino corrige ce probl\u00e8me pour\nUbuntu 8.04 LTS.  \nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0905"
    },
    {
      "name": "CVE-2011-0904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0904"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1128-1 du 04 mai 2011 :",
      "url": "http://www.ubuntulinux.org/usn/usn-1128-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-6773 du 17 mai 2011    (vino-2.32.3-1.fc14) :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060225.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2011-6778 du 17 mai 2011    (vino-2.28.3-1.fc13) :",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060233.html"
    }
  ],
  "reference": "CERTA-2011-AVI-273",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-05-04T00:00:00.000000"
    },
    {
      "description": "ajout des correctifs Fedora.",
      "revision_date": "2011-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant \u00e0 une personne malintentionn\u00e9e de\nd\u00e9clencher un d\u00e9ni de service a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan\nclass=\"textit\"\u003eVino\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Vino",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1128-1 du 2 mai 2011",
      "url": null
    }
  ]
}

CERTA-2011-AVI-231

Vulnerability from certfr_avis - Published: - Updated:

Several vulnerabilities allowing remote indirect code injection as well as a man-in-the-middle attack have been discovered in kde4libs.

Description

Two vulnerabilities have been discovered in kde4libs.

The first (CVE-2011-1094) allows a malicious person to carry out a man-in-the-middle attack. This flaw stems from improper handling of SSL certificates by the KDE KSSL module when those certificates were issued for an IP address.

The second (CVE-2011-1168) allows remote indirect code injection. The KDE KHTML module does not properly escape URLs when generating error pages, allowing an attacker to inject code indirectly via a specially crafted URL.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Ubuntu Ubuntu Ubuntu 10.04 LTS ;
Ubuntu Ubuntu Ubuntu 10.10 ;
Ubuntu Ubuntu Ubuntu 9.10.

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 10.04 LTS ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 10.10 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 9.10.",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans kde4libs.\n\nLa premi\u00e8re (CVE-2011-1094) permet \u00e0 une personne malintentionn\u00e9e\nd\u0027effectuer une attaque de type man-in-the-middle. Cette faille provient\nd\u0027une mauvaise gestion des certificats SSL par le module KDE KSSL,\nlorsque que ces derniers ont \u00e9t\u00e9 \u00e9mis pour une adresse IP.\n\nLa seconde (CVE-2011-1168) permet d\u0027injecter indirectement du code \u00e0\ndistance. Le module KDE KHTML ne prot\u00e8ge pas correctement les urls lors\nde la g\u00e9n\u00e9ration de pages d\u0027erreur, autorisant ainsi un attaquant \u00e0\ninjecter indirectement du code via une url sp\u00e9cialement con\u00e7ue.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1094"
    },
    {
      "name": "CVE-2011-1168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1168"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-231",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Man-in-the-middle"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant une injection de code indirecte \u00e0\ndistance ainsi qu\u0027une attaque de type \u003cspan\nclass=\"textit\"\u003eman-in-the-middle\u003c/span\u003e ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003ekde4libs\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans kde4libs",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1110-1",
      "url": "http://www.ubuntulinux.org/usn/usn-1110-1"
    }
  ]
}

CERTA-2010-AVI-304

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability in Ubuntu distributions allows a malicious user to escalate privileges.

Description

A vulnerability is present in one of the PAM modules of Ubuntu GNU/Linux distributions. It allows a malicious local user to obtain the privileges of the root user.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Ubuntu Ubuntu Ubuntu 10.04 LTS.
Ubuntu Ubuntu Ubuntu 9.10 ;

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 10.04 LTS.",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu 9.10 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 est pr\u00e9sente dans un des modules PAM des distributions\nGNU/Linux Ubuntu. Cette vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur local\nmalintentionn\u00e9 d\u0027obtenir les privil\u00e8ges de l\u0027utilisateur root.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2010-AVI-304",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-07-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans les distributions Ubuntu permet \u00e0 un\nutilisateur malintentionn\u00e9 d\u0027\u00e9lever ses privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-959-1 du 07 juillet 2010",
      "url": "http://www.ubuntu.com/usn/usn-959-1"
    }
  ]
}

CERTA-2010-AVI-028

Vulnerability from certfr_avis - Published: - Updated:

Two vulnerabilities in gzip allow remote arbitrary code execution.

Description

  • A vulnerability in the decompression of Huffman data blocks allows remote arbitrary code execution;
  • a vulnerability related to an integer overflow during the decompression of data compressed with the Lempel-Ziv-Welch (LZW) algorithm allows remote arbitrary code execution.

Solution

Refer to the vendors' security bulletins to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
N/A N/A GNU gzip (see the vendor's bulletin).
Debian N/A gzip for Debian (see the vendor's bulletin);
N/A N/A gzip for Mandriva (see the vendor's bulletin);
Ubuntu Ubuntu gzip for Ubuntu (see the vendor's bulletin);
Red Hat N/A gzip for Red Hat (see the vendor's bulletin);

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GNU gzip (voir bulletin de l\u0027\u00e9diteur).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "gzip pour Debian (voir bulletin de l\u0027\u00e9diteur) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Debian",
          "scada": false
        }
      }
    },
    {
      "description": "gzip pour Mandriva (voir bulletin de l\u0027\u00e9diteur) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "gzip pour Ubuntu (voir bulletin de l\u0027\u00e9diteur) ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "gzip pour Red Hat (voir bulletin de l\u0027\u00e9diteur) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Red Hat",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\n-   Une vuln\u00e9rabilit\u00e9 dans la d\u00e9compression des blocs de donn\u00e9es Huffman\n    permet l\u0027ex\u00e9cution de code arbitraire \u00e0 distance ;\n-   une vuln\u00e9rabilit\u00e9 li\u00e9e \u00e0 un d\u00e9bordement d\u0027entier lors de la\n    d\u00e9compression de donn\u00e9es compress\u00e9es via l\u0027algorithme\n    Lempel-Ziv-Welch (LZW) permet l\u0027ex\u00e9cution de code arbitraire \u00e0\n    distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2624"
    },
    {
      "name": "CVE-2010-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0001"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2010:020 du 20 janvier    2010 :",
      "url": "http://www.mandriva.com/archives/security/advisories?name=MDVSA-2010:020"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1974-1 du 20 janvier 2010 :",
      "url": "http://www.debian.org/security/2010/dsa-1974"
    },
    {
      "title": "Information de s\u00e9curit\u00e9 GNU :      3",
      "url": "http://savannah.gnu.org/forum/forum.php?forum_id=615"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-889-1 du 20 janvier 2010 :",
      "url": "http://www.ubuntulinux.org/usn/usn-889-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2010:019 du 20 janvier    2010 :",
      "url": "http://www.mandriva.com/archives/security/advisories?name=MDVSA-2010:019"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2010:0061 du 20 janvier    2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0061.html"
    }
  ],
  "reference": "CERTA-2010-AVI-028",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-01-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans gzip permettent l\u0027ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans gzip",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Debian DSA-1974-1 du 20 janvier 2010",
      "url": null
    }
  ]
}

CERTA-2009-AVI-106

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability in KMail allows a malicious individual to bypass the security policy.

Description

A missing warning in KMail when following a link to an executable file allows a malicious individual to bypass the security policy by means of a specially crafted HTML-format email.

CERTA reminds readers that reading email in HTML format is not recommended.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Ubuntu Ubuntu Ubuntu version 6.06 LTS ;
Ubuntu Ubuntu Ubuntu version 7.10 ;
Ubuntu Ubuntu Ubuntu version 8.04 LTS ;
Ubuntu Ubuntu Ubuntu version 8.10.
References


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu version 6.06 LTS ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu version 7.10 ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu version 8.04 LTS ;",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    },
    {
      "description": "Ubuntu version 8.10.",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn d\u00e9faut d\u0027avertissement dans KMail lors du suivi d\u0027un lien vers un\nfichier ex\u00e9cutable permet \u00e0 un individu malveillant de contourner la\npolitique de s\u00e9curit\u00e9 par le biais d\u0027un courriel au format HTML\nsp\u00e9cialement construit.\n\nLe CERTA rappelle que la lecture au format HTML des courriers\n\u00e9lectroniques n\u0027est pas recommand\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2009-AVI-106",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de \u003cspan class=\"textit\"\u003eKMail\u003c/span\u003e permet \u00e0 un\nindividu malveillant de contourner la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans KMail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-725-1 du 26 f\u00e9vrier 2009",
      "url": "http://www.ubuntulinux.org/usn/usn-725-1"
    }
  ]
}

CERTA-2006-AVI-102

Vulnerability from certfr_avis - Published: - Updated:

Description

The installation code of Ubuntu Linux 5.10 (also known as Breezy Badger) does not properly clean up the comment files during installation. The administrator password can therefore end up readable in the file /var/log/installer/cdebconf/questions.dat. A malicious user can take advantage of reading the password to elevate privileges and execute commands locally.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section). It is necessary to run an automatic update or, more precisely, to install the packages base-config (2.67ubuntu20) and passwd (1:4.0.3-37ubuntu8).

Impacted products
Vendor Product Description
Ubuntu Ubuntu Ubuntu 5.10 (Breezy Badger).
References


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ubuntu 5.10 (Breezy Badger).",
      "product": {
        "name": "Ubuntu",
        "vendor": {
          "name": "Ubuntu",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLe code d\u0027installation de la version Linux Ubuntu 5.10 (aussi appel\u00e9e\nBreezy Badger) ne nettoie pas correctement les fichiers de commentaires\nlors de l\u0027installation. Le mot de passe administrateur peut donc se\nretrouver en lecture dans le fichier\n/var/log/installer/cdebconf/questions.dat. Un utilisateur malveillant\npeut profiter de la lecture du mot de passe pour \u00e9lever ses privil\u00e8ges\net ex\u00e9cuter localement des commandes.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). Il est n\u00e9cessaire de faire une\nmise \u00e0 jour automatique, ou plus pr\u00e9cis\u00e9ment installer les paquets\nbase-config (2.67ubuntu20) et passwd (1:4.0.3-37ubuntu8).\n",
  "cves": [
    {
      "name": "CVE-2006-1183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1183"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-262-1 du 12 mars 2006 :",
      "url": "http://www.ubuntulinux.org/usn/usn-262-1"
    }
  ],
  "reference": "CERTA-2006-AVI-102",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans l\u0027installation Ubuntu",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Ubuntu",
      "url": null
    }
  ]
}

FKIE_CVE-2009-1296

Vulnerability from fkie_nvd - Published: 2009-06-09 20:30 - Updated: 2025-04-09 00:30
Summary
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.
Impacted products
Vendor Product Version
ubuntu 73-oubuntu 6.1
ubuntu ubuntu 9.0.4

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ubuntu:73-oubuntu:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6E6F4C-968E-475C-9BF1-4D34ABBA8BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu:9.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24066D17-EE95-4E06-9FAC-DA9B2227195F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk.  NOTE: the log files are only readable by root."
    },
    {
      "lang": "es",
      "value": "Las utilidades de soporte eCryptfs (ecryptfs-utils) 73-0ubuntu6.1 sobre Ubuntu v9.04, almacena almacena la \"passphrase\" de (frase clave) de montaje en los registros de instalaci\u00f3n, lo que podr\u00eda permitir a usuarios locales obtener acceso al sistema de ficheros mediante la lectura de los archivos de registro desde el disco. NOTA: los registros de archivos \u00fanicamente pueden ser le\u00eddos por el usuario root."
    }
  ],
  "id": "CVE-2009-1296",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-06-09T20:30:00.280",
  "references": [
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35383"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.securitytracker.com/id?1022347"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-783-1"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022347"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-783-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51191"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of ecryptfs-utils as shipped with Red Hat Enterprise Linux 5.  eCryptfs encrypted home directories are not set up during the system installation, so theres no possibility for leaking encryption passwords to the installation log file.",
      "lastModified": "2009-06-10T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2009-1295

Vulnerability from fkie_nvd - Published: 2009-04-30 20:30 - Updated: 2025-04-09 00:30
Summary
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
Impacted products
Vendor Product Version
apport apport *
ubuntu ubuntu 8.0.4_lts
ubuntu ubuntu 8.1.0
ubuntu ubuntu 9.0.4

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apport:apport:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE304688-05F0-4F7F-8664-E729B6FA5090",
              "versionEndIncluding": "0.1.0.8.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu:8.0.4_lts:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9245826-44D6-432D-9447-025FD02431D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8893D670-FF80-4297-8EF8-83C6CB165604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu:9.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "24066D17-EE95-4E06-9FAC-DA9B2227195F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application\u0027s crash-report directory, which allows local users to delete arbitrary files via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Apport anterior a v0.108.4 en Ubuntu v8.04 LTS, antes de v0.119.2 en Ubuntu v8.10, y antes de v1.0-0ubuntu5.2 en Ubuntu v9.04 no elimina adecuadamente los archivos del directorio crash-report,lo cual permite a los usuarios locales borrar archivos a su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2009-1295",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-30T20:30:00.390",
  "references": [
    {
      "source": "security@ubuntu.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://secunia.com/advisories/34947"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://secunia.com/advisories/34952"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "source": "security@ubuntu.com",
      "url": "http://www.securityfocus.com/bid/34776"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-768-1"
    },
    {
      "source": "security@ubuntu.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/bugs/357024"
    },
    {
      "source": "security@ubuntu.com",
      "url": "https://launchpad.net/bugs/cve/2009-1295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/usn-768-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugs.launchpad.net/bugs/357024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://launchpad.net/bugs/cve/2009-1295"
    }
  ],
  "sourceIdentifier": "security@ubuntu.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2009-1296 (GCVE-0-2009-1296)

Vulnerability from cvelistv5 – Published: 2009-06-09 20:00 – Updated: 2024-08-07 05:04
Summary
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/35383 third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-783-1 vendor-advisory, x_refsource_UBUNTU
http://www.securitytracker.com/id?1022347 vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35383"
          },
          {
            "name": "USN-783-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-783-1"
          },
          {
            "name": "1022347",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022347"
          },
          {
            "name": "ecryptfs-passphrase-info-disclosure(51191)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51191"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk.  NOTE: the log files are only readable by root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "35383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35383"
        },
        {
          "name": "USN-783-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-783-1"
        },
        {
          "name": "1022347",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022347"
        },
        {
          "name": "ecryptfs-passphrase-info-disclosure(51191)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51191"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2009-1296",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk.  NOTE: the log files are only readable by root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35383",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35383"
            },
            {
              "name": "USN-783-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-783-1"
            },
            {
              "name": "1022347",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022347"
            },
            {
              "name": "ecryptfs-passphrase-info-disclosure(51191)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51191"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2009-1296",
    "datePublished": "2009-06-09T20:00:00",
    "dateReserved": "2009-04-15T00:00:00",
    "dateUpdated": "2024-08-07T05:04:49.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-1295 (GCVE-0-2009-1295)

Vulnerability from cvelistv5 – Published: 2009-04-30 20:00 – Updated: 2024-08-07 05:04
Summary
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.ubuntu.com/usn/usn-768-1 vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/34947 third-party-advisory, x_refsource_SECUNIA
https://launchpad.net/bugs/cve/2009-1295 x_refsource_CONFIRM
http://www.securityfocus.com/bid/34776 vdb-entry, x_refsource_BID
http://secunia.com/advisories/35065 third-party-advisory, x_refsource_SECUNIA
https://bugs.launchpad.net/bugs/357024 x_refsource_MISC
http://lists.opensuse.org/opensuse-security-annou… vendor-advisory, x_refsource_SUSE
http://secunia.com/advisories/34952 third-party-advisory, x_refsource_SECUNIA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-768-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-768-1"
          },
          {
            "name": "34947",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34947"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/cve/2009-1295"
          },
          {
            "name": "34776",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34776"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/bugs/357024"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "34952",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34952"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application\u0027s crash-report directory, which allows local users to delete arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-05-14T09:00:00",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "USN-768-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-768-1"
        },
        {
          "name": "34947",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34947"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/bugs/cve/2009-1295"
        },
        {
          "name": "34776",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34776"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/bugs/357024"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "name": "34952",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34952"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2009-1295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application\u0027s crash-report directory, which allows local users to delete arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-768-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-768-1"
            },
            {
              "name": "34947",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34947"
            },
            {
              "name": "https://launchpad.net/bugs/cve/2009-1295",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/bugs/cve/2009-1295"
            },
            {
              "name": "34776",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34776"
            },
            {
              "name": "35065",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35065"
            },
            {
              "name": "https://bugs.launchpad.net/bugs/357024",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/bugs/357024"
            },
            {
              "name": "SUSE-SR:2009:010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
            },
            {
              "name": "34952",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34952"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2009-1295",
    "datePublished": "2009-04-30T20:00:00",
    "dateReserved": "2009-04-15T00:00:00",
    "dateUpdated": "2024-08-07T05:04:49.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-1296 (GCVE-0-2009-1296)

Vulnerability from nvd – Published: 2009-06-09 20:00 – Updated: 2024-08-07 05:04
Summary
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://secunia.com/advisories/35383 third-party-advisory x_refsource_SECUNIA
http://www.ubuntu.com/usn/usn-783-1 vendor-advisory x_refsource_UBUNTU
http://www.securitytracker.com/id?1022347 vdb-entry x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry x_refsource_XF

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "35383",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35383"
          },
          {
            "name": "USN-783-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-783-1"
          },
          {
            "name": "1022347",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022347"
          },
          {
            "name": "ecryptfs-passphrase-info-disclosure(51191)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51191"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-06-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk.  NOTE: the log files are only readable by root."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "35383",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35383"
        },
        {
          "name": "USN-783-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-783-1"
        },
        {
          "name": "1022347",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022347"
        },
        {
          "name": "ecryptfs-passphrase-info-disclosure(51191)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51191"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2009-1296",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk.  NOTE: the log files are only readable by root."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "35383",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35383"
            },
            {
              "name": "USN-783-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-783-1"
            },
            {
              "name": "1022347",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022347"
            },
            {
              "name": "ecryptfs-passphrase-info-disclosure(51191)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51191"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2009-1296",
    "datePublished": "2009-06-09T20:00:00",
    "dateReserved": "2009-04-15T00:00:00",
    "dateUpdated": "2024-08-07T05:04:49.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-1295 (GCVE-0-2009-1295)

Vulnerability from nvd – Published: 2009-04-30 20:00 – Updated: 2024-08-07 05:04
Summary
Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application's crash-report directory, which allows local users to delete arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.ubuntu.com/usn/usn-768-1 vendor-advisory x_refsource_UBUNTU
http://secunia.com/advisories/34947 third-party-advisory x_refsource_SECUNIA
https://launchpad.net/bugs/cve/2009-1295 x_refsource_CONFIRM
http://www.securityfocus.com/bid/34776 vdb-entry x_refsource_BID
http://secunia.com/advisories/35065 third-party-advisory x_refsource_SECUNIA
https://bugs.launchpad.net/bugs/357024 x_refsource_MISC
http://lists.opensuse.org/opensuse-security-annou… vendor-advisory x_refsource_SUSE
http://secunia.com/advisories/34952 third-party-advisory x_refsource_SECUNIA

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.485Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-768-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-768-1"
          },
          {
            "name": "34947",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34947"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/bugs/cve/2009-1295"
          },
          {
            "name": "34776",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34776"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/bugs/357024"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "34952",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34952"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application\u0027s crash-report directory, which allows local users to delete arbitrary files via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-05-14T09:00:00",
        "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "shortName": "canonical"
      },
      "references": [
        {
          "name": "USN-768-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-768-1"
        },
        {
          "name": "34947",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34947"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/bugs/cve/2009-1295"
        },
        {
          "name": "34776",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34776"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/bugs/357024"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "name": "34952",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34952"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@ubuntu.com",
          "ID": "CVE-2009-1295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu 8.10, and before 1.0-0ubuntu5.2 on Ubuntu 9.04 does not properly remove files from the application\u0027s crash-report directory, which allows local users to delete arbitrary files via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-768-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-768-1"
            },
            {
              "name": "34947",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34947"
            },
            {
              "name": "https://launchpad.net/bugs/cve/2009-1295",
              "refsource": "CONFIRM",
              "url": "https://launchpad.net/bugs/cve/2009-1295"
            },
            {
              "name": "34776",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34776"
            },
            {
              "name": "35065",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35065"
            },
            {
              "name": "https://bugs.launchpad.net/bugs/357024",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/bugs/357024"
            },
            {
              "name": "SUSE-SR:2009:010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
            },
            {
              "name": "34952",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34952"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
    "assignerShortName": "canonical",
    "cveId": "CVE-2009-1295",
    "datePublished": "2009-04-30T20:00:00",
    "dateReserved": "2009-04-15T00:00:00",
    "dateUpdated": "2024-08-07T05:04:49.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}