2.61

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

debian

NVD

Published: 2005-02-28

Updated: 2017-07-11

Summary

reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.

Vulnerable Configurations

Part	Description	Count
Application	Debian Debian Reportbug 2.60 Debian Reportbug 2.61	2

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295407
http://marc.info/?l=bugtraq&m=110972153627388&w=2
http://secunia.com/advisories/14422/
https://bugzilla.ubuntu.com/show_bug.cgi?id=6600
https://exchange.xforce.ibmcloud.com/vulnerabilities/19504