Lucene search

PRIOn knowledge basePRION:CVE-2008-3323

HistoryJul 28, 2008 - 5:41 p.m.

Design/Logic Flaw

2008-07-2817:41:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.3%

JSON

setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.

CPENameOperatorVersion
cygwinle1.7

CPE	Name	Operator	Version
	cygwin	le	1.7

References

cygwin.com/ml/cygwin-announce/2008-08/msg00001.html

secunia.com/advisories/31271

securityreason.com/securityalert/4051

www.security-objectives.com/advisories/SECOBJADV-2008-02.txt

www.securityfocus.com/archive/1/494756/100/0/threaded

www.securityfocus.com/bid/30375

www.vupen.com/english/advisories/2008/2321

bugzilla.redhat.com/show_bug.cgi?id=449929

exchange.xforce.ibmcloud.com/vulnerabilities/44047

8 High

AI Score

Confidence

High

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for PRION:CVE-2008-3323