Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-4739
Last Modified: 05 Feb 2009 01:30:15
Published: 06 Sep 2007 03:17:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4739

Summary

reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.

Vulnerable Systems

Application

  • Debian Reprepro 1.3.0

  • Debian Reprepro 1.3.1

  • Debian Reprepro 2.0.0

  • Debian Reprepro 2.1.0

  • Debian Reprepro 2.2.0

  • Debian Reprepro 2.2.1

  • Debian Reprepro 2.2.2

  • Debian Reprepro 2.2.3


References

SECUNIA - 26678

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440535

CONFIRM - http://alioth.debian.org/frs/shownotes.php?release_id=1031

OSVDB - 40172

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=interdiff;att=1;bug=440535

BID - 25537

DEBIAN - DSA-1394

SECUNIA - 27334


Last Updated: 27 May 2016 10:45:57