GLSA-201507-16: Portage: Man-in-the-middle attack

Published: Jul 10, 2015
Gentoo Foundation, security.gentoo.org

CVSS2: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.001 (percentile 46.5%)

Background

Portage is the package management and distribution system for Gentoo.

Description

Portage does not verify X.509 SSL certificates properly when HTTPS is used.

Impact

A remote attacker can spoof servers and modify binary package lists via specially crafted certificates.

Workaround

There is no known workaround at this time.

Resolution

All Portage users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/portage-2.1.12.2"

Affected packages:

OS      Version  Architecture  Package           Version     Filename
Gentoo  any      all           sys-apps/portage  < 2.1.12.2  UNKNOWN
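The flaw in the Description is a client that fetches package lists over HTTPS without validating the server's certificate chain or hostname, which is what lets a network attacker spoof the server. The following is an added example, written here for illustration and not code from Portage or the Gentoo Foundation: a Python fetch helper that refuses to run with a TLS context that does not verify, an audit function that reports the weak settings, and a simplified version check against the fixed version from the Resolution section. The function names, the `Packages` file name and the version-parsing rules are assumptions of this example.

```python
"""Added example (not Portage code): enforce X.509 verification when fetching
binary package lists over HTTPS, and check an installed Portage version against
the fix in GLSA-201507-16."""
import ssl
import urllib.request

# Lowest fixed version named in the advisory's Resolution section.
FIXED_VERSION = (2, 1, 12, 2)


def verifying_context(cafile=None):
    """TLS context that requires a chain to a trusted CA and checks the hostname."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


def unverifying_context():
    """Context with the behaviour the advisory describes (no chain or hostname
    check). Built only so the audit below has something to flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context verifies properly."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: certificate chain not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: certificate may belong to another host")
    return findings


def fetch_preconditions(url, ctx):
    """Problems that must be empty before a package list is downloaded."""
    problems = []
    if not url.startswith("https://"):
        problems.append("refusing non-HTTPS URL: %s" % url)
    problems.extend(audit_context(ctx))
    return problems


def fetch_package_list(url, ctx=None, timeout=30):
    """Download a binary package list (assumed to be the 'Packages' file under
    the binhost URL) with certificate and hostname verification enforced."""
    ctx = ctx or verifying_context()
    problems = fetch_preconditions(url, ctx)
    if problems:
        raise ValueError("; ".join(problems))
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read()


def portage_is_fixed(version):
    """True if a sys-apps/portage version string is >= 2.1.12.2.
    Simplified: the '-rN' revision is dropped and '_' suffixes (e.g. _rc1)
    are treated as the base version; real Portage version ordering is richer."""
    base = version.split("-r")[0].split("_")[0]
    parts = tuple(int(p) for p in base.split(".") if p.isdigit())
    return parts >= FIXED_VERSION


if __name__ == "__main__":
    print("default context findings:", audit_context(verifying_context()))
    print("weak context findings:", audit_context(unverifying_context()))
    for v in ("2.1.12.1", "2.1.12.2", "2.2.20-r1"):
        print(v, "fixed" if portage_is_fixed(v) else "VULNERABLE")
```

`fetch_package_list` performs a real network request, so it is only called when both checks pass; the rest of the block runs offline. The audit is the part worth reusing: any code path that builds its own `SSLContext` can be passed through `audit_context` to catch a context that silently disables verification.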
