Lucene search
UbuntuUSN-412-1HistoryJan 24, 2007 - 12:00 a.m.
GeoIP vulnerability
2007-01-2400:00:00
ubuntu.com
30
6.5 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.024 Low
EPSS
Percentile
89.9%
Releases
- Ubuntu 6.10
- Ubuntu 6.06
- Ubuntu 5.10
Details
Dean Gaudet discovered that the GeoIP update tool did not validate the
filename responses from the update server. A malicious server, or
machine-in-the-middle system posing as a server, could write to arbitrary
files with user privileges.
References
Related
debiancve
debiancve
CVE-2007-0159
2007-01-10 00:28:00
prion
prion
Directory traversal
2007-01-10 00:28:00
ubuntucve
ubuntucve
CVE-2007-0159
2007-01-10 00:00:00
cvelist
cvelist
CVE-2007-0159
2007-01-10 00:00:00
openvas
openvas
Ubuntu Update for geoip vulnerability USN-412-1
2009-03-23 00:00:00
Ubuntu: Security Advisory (USN-412-1)
2009-03-23 00:00:00
nessus
nessus
Ubuntu 5.10 / 6.06 LTS / 6.10 : geoip vulnerability (USN-412-1)
2007-11-10 00:00:00
cve
cve
CVE-2007-0159
2007-01-10 00:28:00
securityvulns
securityvulns
6.5 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.024 Low
EPSS
Percentile
89.9%
Related for USN-412-1