| 2011-02-20 17:16:33 |
Sergey Nizovtsev |
bug |
|
|
added bug |
| 2011-02-20 17:16:33 |
Sergey Nizovtsev |
attachment added |
|
apt-hole https://bugs.launchpad.net/bugs/722228/+attachment/1862186/+files/apt-hole |
|
| 2011-02-20 18:05:33 |
Marc Deslauriers |
aptdaemon (Ubuntu): status |
New |
Confirmed |
|
| 2011-02-20 18:05:37 |
Marc Deslauriers |
aptdaemon (Ubuntu): importance |
Undecided |
Medium |
|
| 2011-02-20 18:22:00 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Maverick |
|
| 2011-02-20 18:22:00 |
Marc Deslauriers |
bug task added |
|
aptdaemon (Ubuntu Maverick) |
|
| 2011-02-20 18:22:00 |
Marc Deslauriers |
nominated for series |
|
Ubuntu Natty |
|
| 2011-02-20 18:22:00 |
Marc Deslauriers |
bug task added |
|
aptdaemon (Ubuntu Natty) |
|
| 2011-02-20 18:22:11 |
Marc Deslauriers |
aptdaemon (Ubuntu Maverick): status |
New |
Confirmed |
|
| 2011-02-20 18:22:15 |
Marc Deslauriers |
aptdaemon (Ubuntu Maverick): importance |
Undecided |
Medium |
|
| 2011-02-20 18:39:27 |
Kees Cook |
cve linked |
|
2011-0725 |
|
| 2011-02-21 12:42:17 |
Marc Deslauriers |
aptdaemon (Ubuntu Maverick): assignee |
|
Marc Deslauriers (mdeslaur) |
|
| 2011-02-21 12:42:29 |
Marc Deslauriers |
aptdaemon (Ubuntu Natty): assignee |
|
Michael Vogt (mvo) |
|
| 2011-02-21 12:42:37 |
Marc Deslauriers |
bug |
|
|
added subscriber Marc Deslauriers |
| 2011-02-21 12:42:44 |
Marc Deslauriers |
bug |
|
|
added subscriber Michael Vogt |
| 2011-02-21 13:36:38 |
Michael Vogt |
aptdaemon (Ubuntu Maverick): status |
Confirmed |
In Progress |
|
| 2011-02-21 13:36:39 |
Michael Vogt |
aptdaemon (Ubuntu Natty): status |
Confirmed |
In Progress |
|
| 2011-02-21 15:34:49 |
Michael Vogt |
attachment added |
|
proposed fix https://bugs.edge.launchpad.net/ubuntu/+bug/722228/+attachment/1864106/+files/aptdaemon_0.31%2Bbzr506-0ubuntu6.1.debdiff |
|
| 2011-02-22 09:15:17 |
Launchpad Janitor |
branch linked |
|
lp:aptdaemon |
|
| 2011-02-22 15:03:43 |
Launchpad Janitor |
aptdaemon (Ubuntu Maverick): status |
In Progress |
Fix Released |
|
| 2011-02-22 15:15:07 |
Marc Deslauriers |
visibility |
private |
public |
|
| 2011-02-22 15:15:12 |
Marc Deslauriers |
bug |
|
|
added subscriber Ubuntu Bugs |
| 2011-02-22 15:16:03 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/maverick-security/aptdaemon |
|
| 2011-02-22 15:30:40 |
Marc Deslauriers |
attachment removed |
apt-hole https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/722228/+attachment/1862186/+files/apt-hole |
|
|
| 2011-02-22 15:45:12 |
Launchpad Janitor |
aptdaemon (Ubuntu Natty): status |
In Progress |
Fix Released |
|
| 2011-02-22 15:50:54 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/aptdaemon |
|
| 2011-02-22 16:00:55 |
Launchpad Janitor |
branch linked |
|
lp:~aptdaemon-developers/aptdaemon/ubuntu-natty |
|
| 2011-08-11 10:55:15 |
akram |
aptdaemon (Ubuntu): assignee |
Michael Vogt (mvo) |
akram (awartany) |
|
| 2011-08-11 12:07:30 |
Marc Deslauriers |
aptdaemon (Ubuntu): assignee |
akram (awartany) |
Michael Vogt (mvo) |
|
| 2012-09-07 18:51:12 |
kent |
aptdaemon (Ubuntu): assignee |
Michael Vogt (mvo) |
kent (kentc34) |
|
| 2015-07-03 16:57:31 |
monty |
aptdaemon (Ubuntu): assignee |
kent (kentc34) |
monty (mantukumar359) |
|
| 2016-06-27 06:06:37 |
chuangwen |
description |
Binary package hint: aptdaemon
Starting from Ubuntu 10.10 aptdaemon shipped with Ubuntu allows normal users to update APT cache without password prompt (because they granted PolicyKit's org.debian.apt.update-cache action by default). UpdateCachePartially method doesn't check "sources_list" argument properly and it's possible to use it for viewing any file in the system. See proof-of-concept python script for details.
How to test: login into normal ubuntu user, and run "python apt-hole /etc/shadow" (for example) to see /etc/shadow content.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: python-aptdaemon 0.40+bzr541-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-4.31-generic 2.6.38-rc5
Uname: Linux 2.6.38-4-generic x86_64
Architecture: amd64
Date: Sun Feb 20 20:00:09 2011
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100406.1)
PackageArchitecture: all
ProcEnviron:
LANGUAGE=ru:en
PATH=(custom, user)
LANG=ru_RU.UTF-8
LC_MESSAGES=ru_RU.UTF-8
SHELL=/bin/bash
SourcePackage: aptdaemon |
Binary package hint: aptdaemon
Starting from Ubuntu 10.10 aptdaemon shipped with Ubuntu allows normal users to update APT cache without password prompt (because they granted PolicyKit's org.debian.apt.update-cache action by default). UpdateCachePartially method doesn't check "sources_list" argument properly and it's possible to use it for viewing any file in the system. See proof-of-concept python script for details.
How to test: login into normal ubuntu user, and run "python apt-hole /etc/shadow" (for example) to see /etc/shadow content.
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: python-aptdaemon 0.40+bzr541-0ubuntu2
ProcVersionSignature: Ubuntu 2.6.38-4.31-generic 2.6.38-rc5
Uname: Linux 2.6.38-4-generic x86_64
Architecture: amd64
Date: Sun Feb 20 20:00:09 2011
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100406.1)
PackageArchitecture: all
ProcEnviron:
LANGUAGE=ru:en
PATH=(custom, user)
LANG=ru_RU.UTF-8
LC_MESSAGES=ru_RU.UTF-8
SHELL=/bin/bash
SourcePackage: aptdaemon |
|
| 2020-01-04 01:25:36 |
jeffrey Ortiz |
aptdaemon (Ubuntu): assignee |
monty (mantukumar359) |
jeffrey Ortiz (jerfdog361) |
|
| 2020-11-29 07:25:34 |
morris st croix |
information type |
Public Security |
Private Security |
|
| 2020-11-29 07:25:50 |
morris st croix |
removed subscriber Michael Vogt |
|
|
|
| 2020-11-29 07:25:50 |
morris st croix |
removed subscriber Ubuntu Bugs |
|
|
|
| 2020-11-29 07:25:50 |
morris st croix |
removed subscriber akram |
|
|
|
| 2020-11-29 07:25:50 |
morris st croix |
removed subscriber monty |
|
|
|
| 2020-11-29 23:29:12 |
Alex Murray |
information type |
Private Security |
Public Security |
|
| 2020-11-29 23:29:33 |
Alex Murray |
aptdaemon (Ubuntu): assignee |
jeffrey Ortiz (jerfdog361) |
Michael Vogt (mvo) |
|
