CVE-2015-1330
Description
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.076
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| automatic installation of security upgrades (USN-2657-1) unattended-upgrades_0.83.6ubuntu1_all.deb | Linux |
| automatic installation of security upgrades (USN-2657-1) unattended-upgrades_0.82.1ubuntu2.3_all.deb | Linux |
| unattended-upgrades security update(DSA-3297-1) unattended-upgrades_0.83.3.2+deb8u1_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234