Published: 30/04/2012 Updated: 19/12/2017

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Mumble 1.2.3 and previous versions uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mumble mumble
mumble mumble 1.2.2
mumble mumble 1.2.0

Debian Bug report logs - #659039 mumble: Mumble database is world-readable Package: mumble; Maintainer for mumble is Christopher Knadle <ChrisKnadle@coredumpus>; Source for mumble is src:mumble (PTS, buildd, popcon) Reported by: Marc Deslauriers <marcdeslauriers@ubuntucom> Date: Tue, 7 Feb 2012 16:21:01 UTC Sev ...

CWE-310 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039 http://www.openwall.com/lists/oss-security/2012/02/15/1 http://www.debian.org/security/2012/dsa-2411 http://bugs.gentoo.org/show_bug.cgi?id=403939 https://bugzilla.redhat.com/show_bug.cgi?id=791000 http://www.openwall.com/lists/oss-security/2012/02/15/2 https://github.com/mumble-voip/mumble/commit/5632c35d6759f5e13a7dfe78e4ee6403ff6a8e3e https://bugs.launchpad.net/ubuntu/+source/mumble/+bug/783405 http://www.securityfocus.com/bid/52024 http://secunia.com/advisories/47951 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659039 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-0863

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect