CVE-2007-4739

Published Sep 6, 2007

Last updated a year ago

CVSS info 5.0

Overview

Description: reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:reprepro:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF51FF3A-E5BD-4AC3-B5BE-B3583DBE213E"
          },
          {
            "criteria": "cpe:2.3:a:debian:reprepro:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "427D517F-C1EA-4F34-8E14-C62E3E16D6BC"
          },
          {
            "criteria": "cpe:2.3:a:debian:reprepro:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F69381-5D63-40F2-B30C-EFA71E7A524F"
          },
          {
            "criteria": "cpe:2.3:a:debian:reprepro:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97F01189-2103-4B4B-B97A-B254B498E8E4"
          },
          {
            "criteria": "cpe:2.3:a:debian:reprepro:2.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAD1E9E7-7DE8-42D3-8035-534A49CC1712"
          },
          {
            "criteria": "cpe:2.3:a:debian:reprepro:2.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9B816F9-9EF9-4B3D-9D82-EB4BCE104443"
          },
          {
            "criteria": "cpe:2.3:a:debian:reprepro:2.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "099041F0-34D0-4419-8074-43D94989E3FC"
          },
          {
            "criteria": "cpe:2.3:a:debian:reprepro:2.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59F2900C-DAA6-45F4-87A3-BF618501FF56"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References