DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.
| Link | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71494 | vdb entry |
| http://www.ubuntu.com/usn/USN-1284-1 | vendor advisory |
| http://www.osvdb.org/77642 | vdb entry |
| http://www.securityfocus.com/bid/50833 | vdb entry |
| https://bugs.launchpad.net/ubuntu/%2Bsource/update-manager/%2Bbug/881548 | |
| http://secunia.com/advisories/47024 | third party advisory |