Executive Summary
| Summary | |
|---|---|
| Title | reportbug information disclosure |
| Informations | |||
|---|---|---|---|
| Name | USN-88-1 | First vendor Publication | 2005-02-28 |
| Vendor | Ubuntu | Last vendor Modification | 2005-02-28 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) The following packages are affected: reportbug The problem can be corrected by upgrading the affected package to version 2.62ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes. However, if your users already have ~/.reportbugrc files with SMTP passwords, you need to manually change their permissions with chmod 600 .reportbugrc Details follow: Rolf Leggewie discovered two information disclosure bugs in reportbug. The per-user configuration file ~/.reportbugrc was created world-readable. If it contained email smarthost passwords, these were readable by any other user on the computer storing the home directory. reportbug usually includes the settings from ~/.reportbugrc in generated bug reports. This included the "smtppasswd" setting (the password for an SMTP email smarthost) as well. The password is now hidden from reports. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-88-1 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 14245 | reportbug Report smtppasswd Setting Information Disclosure Reportbug contains a flaw that may allow a malicious user to read possibly sensitive information in the "reportbugrc" file. The issue exists because by default the file is world readable. It is possible that the flaw may allow loss of confidentiality since the file might contain the smtppasswd. |
| 14244 | reportbug .reportbugrc Permission Weakness Information Disclosure |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-88-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:06:29 |
|
