QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1330

Published: Jul 1, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://metadata.ftp-master.debian.org/changelogs//main/u/unattended-upgrades/unattended-upgrades_0.86.1_changelog

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.