Vulnerabilities > CVE-2012-0863 - Cryptographic Issues vulnerability in Mumble
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 12 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2012-8903.NASL description This update fixes a number of startup problems of the mumble server murmur. Additionally it contains a fix for CVE-2012-0863 (insecure world-readable permissions on database file) of the mumble client. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-20 plugin id 59574 published 2012-06-20 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59574 title Fedora 17 : mumble-1.2.3-7.fc17.1 (2012-8903) NASL family Fedora Local Security Checks NASL id FEDORA_2012-8956.NASL description This update fixes a number of startup problems of the mumble server murmur. Additionally it contains a fix for CVE-2012-0863 (insecure world-readable permissions on database file) of the mumble client. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-20 plugin id 59575 published 2012-06-20 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59575 title Fedora 16 : mumble-1.2.3-5.fc16.1 (2012-8956) NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-127.NASL description - remove read permissions for other users on local sqlite database as it may contain passwords (bnc#747833, CVE-2012-0863) - don last seen 2020-06-05 modified 2014-06-13 plugin id 74552 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74552 title openSUSE Security Update : mumble (openSUSE-2012-127) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2411.NASL description It was discovered that Mumble, a VoIP client, does not properly manage permissions on its user-specific configuration files, allowing other local users on the system to access them. last seen 2020-03-17 modified 2012-02-20 plugin id 58011 published 2012-02-20 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58011 title Debian DSA-2411-1 : mumble - information disclosure NASL family Fedora Local Security Checks NASL id FEDORA_2012-8960.NASL description This update fixes a number of startup problems of the mumble server murmur. Additionally it contains a fix for CVE-2012-0863 (insecure world-readable permissions on database file) of the mumble client. Rebuild for newer protobuf Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-06-20 plugin id 59576 published 2012-06-20 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/59576 title Fedora 15 : mumble-1.2.3-4.fc15.1 (2012-8960)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039
- http://bugs.gentoo.org/show_bug.cgi?id=403939
- http://secunia.com/advisories/47951
- http://www.debian.org/security/2012/dsa-2411
- http://www.openwall.com/lists/oss-security/2012/02/15/1
- http://www.openwall.com/lists/oss-security/2012/02/15/2
- http://www.securityfocus.com/bid/52024
- https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405
- https://bugzilla.redhat.com/show_bug.cgi?id=791000
- https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e