NASLDB: Debian DSA-1394-1 : reprepro - authentication bypass
General
ID: 27549
Name: Debian DSA-1394-1 : reprepro – authentication bypass
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: –
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
It was discovered that reprepro, a tool to create a repository of
Debian packages, only checks the validity of known signatures when
updating from a remote site, and thus does not reject packages with
only unknown signatures. This allows an attacker to bypass this
authentication mechanism.
The oldstable distribution (sarge) is not affected by this problem.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2007-4739
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2007/10/23
Plugin Release: 2007/10/25
Plugin
Version: 1.9
Filename: debian_DSA-1394.nasl
Filesize: 2971 bytes
MD5 Hash: 92e28509d8ba5eab7b0c5728c41bd797
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2007-2012 Tenable Network Security, Inc.