16 matches found
CVE-2005-4784
Multiple buffer overflows in the POSIX readdirr function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via 1 a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with...
Debian: Security Advisory (DSA-1394-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1394-1 (reprepro)
The remote host is missing an update to reprepro announced via advisory DSA 1394-1. OpenVAS Vulnerability Test $Id: deb13941.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1394-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian DSA-1394-1 : reprepro - authentication bypass
It was discovered that reprepro, a tool to create a repository of Debian packages, only checks the validity of known signatures when updating from a remote site, and thus does not reject packages with only unknown signatures. This allows an attacker to bypass this authentication mechanism. The...
Debian Linux reprepro authentication bypass
Unkonwn package signatures are not checked...
[SECURITY] [DSA 1394-1] New reprepro packages fix authentication bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1394-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 23rd, 2007 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1394-1] New reprepro packages fix authentication bypass
-------------------------------------------------------------------------- Debian Security Advisory DSA 1394-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 23rd, 2007 http://www.debian.org/security/faq -...
DSA-1394-1 reprepro - authentication bypass
Bulletin has no description...
reprepro更新代码库签名验证绕过安全限制漏洞
BUGTRAQ ID: 25537 reprepro是用于处理debian软件包的本地代码库的工具。 reprepro在处理密钥交换时存在漏洞,远程攻击者可能利用此漏洞绕过验证。 在使用update命令升级代码库时reprepro只使用请求密钥验证签名,而请求密钥的签名根本不存在时也不会报告,因此会接收任何使用未知密钥签名的内容,这就导致不安全内容绕过了安全检查。 Bernhard R. Link reprepro 2.2.3 Bernhard R. Link reprepro 1.3.0-1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CVE-2007-4739
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command...
Command injection
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command...
CVE-2007-4739
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command...
CVE-2007-4739
CVE-2007-4739 affects reprepro versions 1.3.0 through 2.2.3, where repository updates do not adequately verify signatures: it only validates known signatures and may accept unsigned/unknown signatures, allowing remote attackers to craft a seemingly valid Release.gpg file. The issue enables an aut...
CVE-2007-4739
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command...
CVE-2007-4739
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command...
CVE-2005-4784
Multiple buffer overflows in the POSIX readdirr function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via 1 a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with...