Lucene search

PRIOn knowledge basePRION:CVE-2015-1330

HistoryJul 01, 2015 - 2:59 p.m.

Code injection

2015-07-0114:59:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

50.8%

JSON

unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq14.10
ubuntu_linuxeq14.04
ubuntu_linuxeq15.04
unattended-upgradesle0.86

Name	Operator	Version
ubuntu_linux	eq	12.04
ubuntu_linux	eq	14.10
ubuntu_linux	eq	14.04
ubuntu_linux	eq	15.04
unattended-upgrades	le	0.86

References

metadata.ftp-master.debian.org/changelogs//main/u/unattended-upgrades/unattended-upgrades_0.86.1_changelog

www.debian.org/security/2015/dsa-3297

www.securitytracker.com/id/1032738

www.ubuntu.com/usn/USN-2657-1

7.6 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

50.8%

JSON

Related for PRION:CVE-2015-1330