Launchpad CVE tracker

CVE 2013-1058

maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.

Related bugs and status

CVE-2013-1058 (Candidate) is related to these bugs:

Bug #1039513: maas-import-pxe-files doesn't cryptographically verify what it downloads

		In	Importance	Status
1039513	maas-import-pxe-files doesn't cryptographically verify what it downloads	MAAS	Critical	Fix Released
1039513	maas-import-pxe-files doesn't cryptographically verify what it downloads	MAAS 1.2	Critical	Fix Released
1039513	maas-import-pxe-files doesn't cryptographically verify what it downloads	MAAS 1.3	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
CONFIRM: https://launchpad.net/...
UBUNTU: USN-2013-1
SECUNIA: 55567

Launchpad.net

CVE 2013-1058

Related bugs and status

Related bugs

References