Directory Traversal Vulnerability in Update Manager for Ubuntu
CVE-2011-3152

Currently unrated

Key Information:

Vendor
Canonical
CVE Published:
27 April 2014

Summary

A vulnerability exists in the Update Manager of Ubuntu, present in versions from 8.04 through 11.10, that compromises GPG signature verification for upgrade tarballs. Attackers can exploit this weakness through crafted tar files to perform directory traversal attacks, leading to the creation or overwriting of arbitrary files. Additionally, a crafted meta-release file can be used to bypass authentication, enabling unauthorized access to system upgrades.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
