Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-1500

PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file.

Related bugs and status

CVE-2011-1500 (Candidate) is related to these bugs:

Bug #733307: password stored in plaintext in $HOME/.config/pithos.ini

Summary				In	Importance	Status
	733307	password stored in plaintext in $HOME/.config/pithos.ini		Pithos	Low	Fix Released
	733307	password stored in plaintext in $HOME/.config/pithos.ini		pithos (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2011040...
MLIST: [oss-security] 2011040...
CONFIRM: https://bugs.launchpad...
BID: 47300
SECUNIA: 44059
XF: pithos-pithos-info-dis...