CVE-2008-3323
Published: Jul 28, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| ADV-2008-2321 | vdb-entry, x_refsource_VUPEN |
| cygwin-setup-weak-security(44047) | vdb-entry, x_refsource_XF |
| 20080725 SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability | mailing-list, x_refsource_BUGTRAQ |
| https://bugzilla.redhat.com/show_bug.cgi?id=449929 | x_refsource_MISC |
| 30375 | vdb-entry, x_refsource_BID |
| 4051 | third-party-advisory, x_refsource_SREASON |
| [cygwin-announce] 20080805 Updated: Setup.exe updated to version 2.573.2.3 | mailing-list, x_refsource_MLIST |
| 31271 | third-party-advisory, x_refsource_SECUNIA |