CVE-2011-3152
Published Apr 27, 2014
Last updated 7 years ago
Overview
- Description
- DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E6222C1-BE30-494E-9956-37DCC11200A6",
"versionEndIncluding": "1\\:0.87.24"
},
{
"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.134.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3BC72F6F-A738-47DC-ACE0-C4D00AD6426E"
},
{
"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.142.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA72C593-8B42-4683-BE81-E87CE26FDCF4"
},
{
"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.150:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDDB1BE2-8F01-46C5-ABE1-7D4E4AF40B72"
},
{
"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.152.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECE75579-DB27-4944-AB3F-BDC77A895E0A"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D6DFE2D3-46E2-4D0C-8508-30307D654560"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"
}
],
"operator": "OR"
}
]
}
]