CVE-2012-0863 - Vulnerability Details - OpenCVE

Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mumble	Mumble

Configuration 1 [-]

OR	cpe:2.3:a:mumble:mumble::::::::
	cpe:2.3:a:mumble:mumble:1.2.0:::::::*
	cpe:2.3:a:mumble:mumble:1.2.2:::::::*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039
http://bugs.gentoo.org/show_bug.cgi?id=403939
http://secunia.com/advisories/47951
http://www.debian.org/security/2012/dsa-2411
http://www.openwall.com/lists/oss-security/2012/02/15/1
http://www.openwall.com/lists/oss-security/2012/02/15/2
http://www.securityfocus.com/bid/52024
https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405
https://bugzilla.redhat.com/show_bug.cgi?id=791000
https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-04-30T14:00:00

Updated: 2024-08-06T18:38:14.842Z

Reserved: 2012-01-19T00:00:00

Link: CVE-2012-0863

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-04-30T14:55:02.657

Modified: 2024-11-21T01:35:52.027

Link: CVE-2012-0863

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-15T00:00:00", "descriptions": [{"lang": "en", "value": "Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-18T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "52024", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/52024"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405"}, {"name": "[oss-security] 20120215 Re: CVE request: mumble local information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/02/15/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e"}, {"name": "DSA-2411", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2411"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=403939"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=791000"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039"}, {"name": "47951", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47951"}, {"name": "[oss-security] 20120215 CVE request: mumble local information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/02/15/1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:38:14.842Z"}, "title": "CVE Program Container", "references": [{"name": "52024", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/52024"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405"}, {"name": "[oss-security] 20120215 Re: CVE request: mumble local information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/02/15/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e"}, {"name": "DSA-2411", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2411"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=403939"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=791000"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039"}, {"name": "47951", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47951"}, {"name": "[oss-security] 20120215 CVE request: mumble local information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/02/15/1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-0863", "datePublished": "2012-04-30T14:00:00", "dateReserved": "2012-01-19T00:00:00", "dateUpdated": "2024-08-06T18:38:14.842Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mumble:mumble:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0708BEB-FDC4-4A23-9E5B-18A3CA6AAE11", "versionEndIncluding": "1.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "980EAE3E-CB6A-4859-BA0E-BD59F3C0CB7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mumble:mumble:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "D3836E7A-B841-477D-9740-070C995722B4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file."}, {"lang": "es", "value": "Mumble v1.2.3 y anteriores usa los permisos \"world-readable\" en los ficheros .local/share/data/Mumble/.mumble.sqlite en los directorios home, lo que podr\u00eda permitir a usuarios locales obtener una contrase\u00f1a en texto plano y los datos de configuraci\u00f3n mediante la lectura de dichos archivos."}], "id": "CVE-2012-0863", "lastModified": "2024-11-21T01:35:52.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-04-30T14:55:02.657", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039"}, {"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=403939"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/47951"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2411"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/02/15/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/02/15/2"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/52024"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=791000"}, {"source": "secalert@redhat.com", "url": "https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=403939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2411"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/02/15/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/02/15/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/52024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=791000"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}