6 matches found
The vulnerability of the Ubuntu operating system, which allows a hacker to load and execute arbitrary installation packages
The vulnerability of the Ubuntu operating system’s unattended upgrades is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to download and execute arbitrary installation packages when the force-control and force-confnew options are...
Unattended-upgrades File Checksum Bypass Remote Arbitrary Code Execution Vulnerability
unattended-upgrades is an automatic update program. The unattended-upgrades system fails to properly verify downloaded files if the 'force-confold' or 'force-confnew' dpkg option is enabled via the DPkg::Options:: apt configuration, allowing an attacker to modify the package file and execute...
Debian DSA-3297-1 : unattended-upgrades - security update
It was discovered that unattended-upgrades, a script for automatic installation of security upgrades, did not properly authenticate downloaded packages when the force-confold or force-confnew dpkg options were enabled via the DPkg::Options:: apt configuration. %NASLMINLEVEL 70300 C Tenable Networ...
CVE-2015-1330
unattended-upgrades before 0.86.1 does not properly authenticate packages when the 1 force-confold or 2 force-confnew dpkg options are enabled in the DPkg::Options:: apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors...
UBUNTU-CVE-2015-1330
unattended-upgrades before 0.86.1 does not properly authenticate packages when the 1 force-confold or 2 force-confnew dpkg options are enabled in the DPkg::Options:: apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors...
Debian: Security Advisory (DSA-3297-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...