Computer Security
[EN] securityvulns.ru no-pyccku


unattended-upgrades man-in-the-middle
Published:05.07.2015
Source:
SecurityVulns ID:14566
Type:m-i-t-m
Threat Level:
5/10
Description:Under some conditions package spoofing is possible.
Affected:DEBIAN : unattended-upgrades 0.86
CVE:CVE-2015-1330 (unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3297-1] unattended-upgrades security update (05.07.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod