CVE-2013-1058

maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.

Published: Nov 23, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1058
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	13.04	13.04.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / maas	12.04.1	12.04.1.x
canonical / maas	12.04.3	12.04.3.x
canonical / maas	-	12.04.4.x
canonical / maas	12.04.2	12.04.2.x

http://secunia.com/advisories/55567
http://www.ubuntu.com/usn/USN-2013-1
https://bugs.launchpad.net/maas/%2Bbug/1039513
https://launchpad.net/maas/+milestone/13.10

Vulnerability Database

CVE-2013-1058