7.6

CVE-2008-3323

setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatCygwin Version <= 1.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.65% 0.836
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://cygwin.com/ml/cygwin-announce/2008-08/msg00001.html
http://secunia.com/advisories/31271
http://securityreason.com/securityalert/4051
http://www.security-objectives.com/advisories/SECOBJADV-2008-02.txt
http://www.securityfocus.com/archive/1/494756/100/0/threaded
http://www.securityfocus.com/bid/30375
http://www.vupen.com/english/advisories/2008/2321
https://bugzilla.redhat.com/show_bug.cgi?id=449929
https://exchange.xforce.ibmcloud.com/vulnerabilities/44047