CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-1330

unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.1%

CVSS Severity

CVSS v2 Score 6.8

References

http://metadata.ftp-master.debian.org/changelogs//main/u/unattended-upgrades/unattended-upgrades_0.86.1_changelog
http://www.debian.org/security/2015/dsa-3297
http://www.securitytracker.com/id/1032738
http://www.ubuntu.com/usn/USN-2657-1
http://metadata.ftp-master.debian.org/changelogs//main/u/unattended-upgrades/unattended-upgrades_0.86.1_changelog
http://www.debian.org/security/2015/dsa-3297
http://www.securitytracker.com/id/1032738
http://www.ubuntu.com/usn/USN-2657-1

Products affected by CVE-2015-1330

Debian » Unattended-Upgrades » Version: Any

cpe:2.3:a:debian:unattended-upgrades:*
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 14.10

cpe:2.3:o:canonical:ubuntu_linux:14.10
Canonical » Ubuntu Linux » Version: 15.04

cpe:2.3:o:canonical:ubuntu_linux:15.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-1330

Products

Pricing

Contact Us