6.4

CVE-2011-3152

EPSS 0.44%
Veröffentlicht 27.04.2014 20:55:23
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Canonical ≫ Update-manager Version <= 1\:0.87.24

Canonical ≫ Ubuntu Linux Version8.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version10.04 Update- Editionlts

Canonical ≫ Ubuntu Linux Version10.10

Canonical ≫ Ubuntu Linux Version11.04

Canonical ≫ Ubuntu Linux Version11.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.44%	0.601

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://secunia.com/advisories/47024

http://www.ubuntu.com/usn/USN-1284-1

Vendor Advisory

http://www.osvdb.org/77642

http://www.securityfocus.com/bid/50833

https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548

https://exchange.xforce.ibmcloud.com/vulnerabilities/71494

https://nvd.nist.gov/vuln/detail/CVE-2011-3152

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-3152

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-3152

EUVD