NVD

Id
56856  
Name
CVE-2007-4739  
Description
reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2007-09-06  
Modified Date
2009-02-05  
Seq
2007-4739  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
289998 56856 CVE-2007-4739 http://alioth.debian.org/frs/shownotes.php?release_id=1031  View
289999 56856 CVE-2007-4739 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440535  View
290000 56856 CVE-2007-4739 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=interdiff;att=1;bug=440535  View
290001 56856 CVE-2007-4739 DSA-1394  View
290002 56856 CVE-2007-4739 25537  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
53904 JVNDB-2007-002596 reprepro における一見有効な Release.gpg ファイルを作成し配布される脆弱性 reprepro には、リポジトリを更新している際、署名を適切に検証しないため、一見有効な Release.gpg ファイルを作成し配布される脆弱性が存在します。 CVE-2007-4739 28094 CVE-2007-4739 56856 5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002596.html 2007-09-02 2012-06-26 View