Cryptographic Issues
CVE-2011-3152
Summary
DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.
- LOW
- NETWORK
- NONE
- PARTIAL
- PARTIAL
- NONE
CWE-310 - Cryptographic Issues
Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.
References
Advisory Timeline
- Published