*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):

Binary package hint: aptdaemon

Starting from Ubuntu 10.10 aptdaemon shipped with Ubuntu allows normal users to update APT cache without password prompt (because they granted PolicyKit's org.debian.apt.update-cache action by default).

UpdateCachePartially method doesn't check "sources_list" argument properly and it's possible to use it for viewing any file in the system. See proof-of-concept Python script for details.

How to test: log in as a normal Ubuntu user, and run "python apt-hole /etc/shadow" (for example) to see /etc/shadow content.

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: python-aptdaemon 0.40+bzr541-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-4.31-generic 2.6.38-rc5
Uname: Linux 2.6.38-4-generic x86_64
Architecture: amd64
Date: Sun Feb 20 20:00:09 2011
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100406.1)
PackageArchitecture: all
ProcEnviron:
 LANGUAGE=ru:en
 PATH=(custom, user)
 LANG=ru_RU.UTF-8
 LC_MESSAGES=ru_RU.UTF-8
 SHELL=/bin/bash
SourcePackage: aptdaemon

** Affects: aptdaemon (Ubuntu)
     Importance: Medium
     Assignee: Michael Vogt (mvo)
         Status: In Progress

** Affects: aptdaemon (Ubuntu Maverick)
     Importance: Medium
     Assignee: Marc Deslauriers (mdeslaur)
         Status: Fix Released

** Affects: aptdaemon (Ubuntu Natty)
     Importance: Medium
     Assignee: Michael Vogt (mvo)
         Status: In Progress

** Tags: maverick natty

--
Information disclosure in org.debian.apt.UpdateCachePartially
https://bugs.launchpad.net/bugs/722228
You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
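
One way a privileged service could validate a caller-supplied "sources_list" value before reading it, as an added example that is not aptdaemon's code or its actual fix. It assumes the argument is only ever meant to name a file directly inside /etc/apt/sources.list.d; resolve_sources_list, InvalidSourcesList and the sample file names are hypothetical.

```python
import os
import re
import tempfile

# Assumption: only files directly inside APT's sources.list.d may be named.
SOURCE_PARTS_DIR = "/etc/apt/sources.list.d"
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*\.list")


class InvalidSourcesList(ValueError):
    """Raised when the caller-supplied name must not be read by the service."""


def resolve_sources_list(name, parts_dir=SOURCE_PARTS_DIR):
    """Return the absolute path for `name`, or raise InvalidSourcesList."""
    # fullmatch (not match + "$") so a trailing newline cannot slip through.
    if not isinstance(name, str) or not _SAFE_NAME.fullmatch(name):
        raise InvalidSourcesList("not a bare *.list file name: %r" % (name,))
    base = os.path.realpath(parts_dir)
    candidate = os.path.join(base, name)
    # A symlink dropped into the directory could still point anywhere.
    if os.path.islink(candidate):
        raise InvalidSourcesList("symlinks are not accepted: %r" % (name,))
    resolved = os.path.realpath(candidate)
    if os.path.dirname(resolved) != base or not os.path.isfile(resolved):
        raise InvalidSourcesList("not a regular file in %s: %r" % (base, name))
    return resolved


def demo():
    """Run the check over constructed inputs in a throwaway directory."""
    results = {}
    with tempfile.TemporaryDirectory() as parts:
        with open(os.path.join(parts, "partner.list"), "w") as fh:
            fh.write("deb http://archive.example.invalid/ stable main\n")
        os.symlink(os.devnull, os.path.join(parts, "link.list"))
        for arg in ("partner.list", "/etc/shadow", "../../etc/passwd",
                    "link.list", "partner.list\n", "missing.list"):
            try:
                resolve_sources_list(arg, parts)
                results[arg] = "accepted"
            except InvalidSourcesList:
                results[arg] = "rejected"
    return results


if __name__ == "__main__":
    for arg, verdict in demo().items():
        print("%-22r %s" % (arg, verdict))
```

The check has to run inside the privileged process, on the value received over D-Bus, and the path it returns is the only one the service should then open.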