Ubuntu 4.10 : reportbug information disclosure (USN-88-1)

Ubuntu Security Notice (C) 2005-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Rolf Leggewie discovered two information disclosure bugs in reportbug.

The per-user configuration file ~/.reportbugrc was created
world-readable. If it contained email smarthost passwords, these were
readable by any other user on the computer storing the home directory.

reportbug usually includes the settings from ~/.reportbugrc in
generated bug reports. This included the 'smtppasswd' setting (the
password for an SMTP email smarthost) as well. The password is now
hidden from reports.
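The following shell sketch is an added example, not part of the Ubuntu notice or the Nessus plugin. It checks a reportbug configuration file for both conditions described above and prints a copy with the password masked. The function names are hypothetical, and the "keyword value" line layout of ~/.reportbugrc is an assumption.

```shell
#!/bin/sh
# Added example. Assumes ~/.reportbugrc holds "keyword value" lines,
# e.g. "smtppasswd <value>".

# Return 0 if FILE is readable by group or others.
is_group_or_world_readable() {
    perms=$(ls -ld -- "$1" | cut -c1-10)    # e.g. -rw-r--r--
    case $perms in
        ????r*|???????r*) return 0 ;;       # char 5 = group read, char 8 = other read
        *) return 1 ;;
    esac
}

# Return 0 if FILE carries an smtppasswd setting with a value.
has_smtp_password() {
    grep -Eq -e '^[[:space:]]*smtppasswd[[:space:]]+[^[:space:]]' -- "$1"
}

# Print FILE with the smtppasswd value masked, suitable for a bug report.
redact_reportbugrc() {
    sed 's/^\([[:space:]]*smtppasswd\)[[:space:]].*/\1 <hidden>/' < "$1"
}

# Audit one config file: print findings, return 1 if the file is exposed.
audit_reportbugrc() {
    rc=$1; rv=0
    [ -f "$rc" ] || return 0
    if is_group_or_world_readable "$rc"; then
        echo "FINDING: $rc is readable by group or others (fix: chmod 600)"
        rv=1
        if has_smtp_password "$rc"; then
            echo "FINDING: $rc exposed an smtppasswd value; change that password"
        fi
    elif has_smtp_password "$rc"; then
        echo "NOTE: $rc holds smtppasswd; confirm reportbug is updated so reports hide it"
    fi
    return $rv
}

# Stand-alone use: pass one or more config paths as arguments.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        audit_reportbugrc "$f" || true
    done
fi
```

Run it as root with the paths of the per-user files to audit, for example every `.reportbugrc` under the home directories.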

Solution :

Update the affected reportbug package.

Risk factor :

High

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 20713

Bugtraq ID:

CVE ID: