CVE-2015-3408

2015-05-1918:59:00

CWE-77

[email protected]

web.nvd.nist.gov

module

signature

remote attack

shell commands

vulnerability

cve-2015-3408

nvd

7.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.016 Low

EPSS

Percentile

87.3%

JSON

Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.

CPENameOperatorVersion
module-signature_project:module-signaturemodule-signature project module-signaturele0.73
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04

CPE	Name	Operator	Version
module-signature_project:module-signature	module-signature project module-signature	le	0.73
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04