CVE-2011-3152 - Vulnerability Details - OpenCVE

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux Update-manager

Configuration 1 [-]

OR	cpe:2.3:a:canonical:update-manager::::::::
	cpe:2.3:a:canonical:update-manager:1\:0.134.7:::::::*
	cpe:2.3:a:canonical:update-manager:1\:0.142.19:::::::*
	cpe:2.3:a:canonical:update-manager:1\:0.150:::::::*
	cpe:2.3:a:canonical:update-manager:1\:0.152.25:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/47024
http://www.osvdb.org/77642
http://www.securityfocus.com/bid/50833
http://www.ubuntu.com/usn/USN-1284-1
https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548
https://exchange.xforce.ibmcloud.com/vulnerabilities/71494

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-04-27T20:00:00

Updated: 2024-08-06T23:22:27.618Z

Reserved: 2011-08-16T00:00:00

Link: CVE-2011-3152

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-04-27T20:55:23.463

Modified: 2025-04-12T10:46:40.837

Link: CVE-2011-3152

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ubuntu-update-gpg-sec-bypass(71494)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71494"}, {"name": "USN-1284-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1284-1"}, {"name": "77642", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/77642"}, {"name": "50833", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/50833"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548"}, {"name": "47024", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47024"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3152", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ubuntu-update-gpg-sec-bypass(71494)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71494"}, {"name": "USN-1284-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1284-1"}, {"name": "77642", "refsource": "OSVDB", "url": "http://www.osvdb.org/77642"}, {"name": "50833", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50833"}, {"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548"}, {"name": "47024", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47024"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:22:27.618Z"}, "title": "CVE Program Container", "references": [{"name": "ubuntu-update-gpg-sec-bypass(71494)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71494"}, {"name": "USN-1284-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1284-1"}, {"name": "77642", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/77642"}, {"name": "50833", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/50833"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548"}, {"name": "47024", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/47024"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3152", "datePublished": "2014-04-27T20:00:00", "dateReserved": "2011-08-16T00:00:00", "dateUpdated": "2024-08-06T23:22:27.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E6222C1-BE30-494E-9956-37DCC11200A6", "versionEndIncluding": "1\\:0.87.24", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.134.7:*:*:*:*:*:*:*", "matchCriteriaId": "3BC72F6F-A738-47DC-ACE0-C4D00AD6426E", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.142.19:*:*:*:*:*:*:*", "matchCriteriaId": "EA72C593-8B42-4683-BE81-E87CE26FDCF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.150:*:*:*:*:*:*:*", "matchCriteriaId": "EDDB1BE2-8F01-46C5-ABE1-7D4E4AF40B72", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:update-manager:1\\:0.152.25:*:*:*:*:*:*:*", "matchCriteriaId": "ECE75579-DB27-4944-AB3F-BDC77A895E0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*", "matchCriteriaId": "D6DFE2D3-46E2-4D0C-8508-30307D654560", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file."}, {"lang": "es", "value": "DistUpgrade/DistUpgradeFetcherCore.py en Update Manager anterior a 1:0.87.31.1, 1:0.134.x anterior a 1:0.134.11.1, 1:0.142.x anterior a 1:0.142.23.1, 1:0.150.x anterior a 1:0.150.5.1 y 1:0.152.x anterior a 1:0.152.25.5 en Ubuntu 8.04 hasta 11.10 no verifica la firma GPG antes de extraer un tarball actualizazci\u00f3n, lo que permite a atacantes man-the-middle (1) crear o sobrescribir archivos arbitrarios a trav\u00e9s de un ataque de salto de directorio mediante el uso de un archivo TAR manipulado o (2) evadir autenticaci\u00f3n a trav\u00e9s de un archivo meta-release manipulado."}], "id": "CVE-2011-3152", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-27T20:55:23.463", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/47024"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/77642"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/50833"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-1284-1"}, {"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71494"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/77642"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/50833"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.ubuntu.com/usn/USN-1284-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71494"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}