*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
Binary package hint: aptdaemon
Starting from Ubuntu 10.10 aptdaemon shipped with Ubuntu allows normal
users to update APT cache without password prompt (because they granted
PolicyKit's org.debian.apt.update-cache action by default).
UpdateCachePartially method doesn't check "sources_list" argument
properly and it's possible to use it for viewing any file in the system.
See proof-of-concept python script for details.
How to test: login into normal ubuntu user, and run "python apt-hole
/etc/shadow" (for example) to see /etc/shadow content.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: python-aptdaemon 0.40+bzr541-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-4.31-generic 2.6.38-rc5
Uname: Linux 2.6.38-4-generic x86_64
Architecture: amd64
Date: Sun Feb 20 20:00:09 2011
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100406.1)
PackageArchitecture: all
ProcEnviron:
LANGUAGE=ru:en
PATH=(custom, user)
LANG=ru_RU.UTF-8
LC_MESSAGES=ru_RU.UTF-8
SHELL=/bin/bash
SourcePackage: aptdaemon
** Affects: aptdaemon (Ubuntu)
Importance: Medium
Assignee: Michael Vogt (mvo)
Status: In Progress
** Affects: aptdaemon (Ubuntu Maverick)
Importance: Medium
Assignee: Marc Deslauriers (mdeslaur)
Status: Fix Released
** Affects: aptdaemon (Ubuntu Natty)
Importance: Medium
Assignee: Michael Vogt (mvo)
Status: In Progress
** Tags: maverick natty
--
Information disclosure in org.debian.apt.UpdateCachePartially
https://bugs.launchpad.net/bugs/722228
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
