Launchpad.net

CVE 2012-0961

Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.

Related bugs and status

CVE-2012-0961 (Candidate) is related to these bugs:

Bug #975199: term.log is world readable and shouldn't be

		In	Importance	Status
975199	term.log is world readable and shouldn't be	apt (Ubuntu)	Undecided	Fix Released
975199	term.log is world readable and shouldn't be	apt (Ubuntu Oneiric)	Undecided	Fix Released
975199	term.log is world readable and shouldn't be	apt (Ubuntu Precise)	Undecided	Fix Released
975199	term.log is world readable and shouldn't be	apt (Ubuntu Quantal)	Undecided	Fix Released
975199	term.log is world readable and shouldn't be	apt (Ubuntu Raring)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

UBUNTU: USN-1662-1
BID: 56917
OSVDB: 88380
SECUNIA: 51568