Vulnerability Description
maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.
CVSS Score
5.8
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Maas | <= 12.04.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/55567Vendor Advisory
- http://www.ubuntu.com/usn/USN-2013-1
- https://bugs.launchpad.net/maas/%2Bbug/1039513
- https://launchpad.net/maas/+milestone/13.10
- http://secunia.com/advisories/55567Vendor Advisory
- http://www.ubuntu.com/usn/USN-2013-1
- https://bugs.launchpad.net/maas/%2Bbug/1039513
- https://launchpad.net/maas/+milestone/13.10
FAQ
What is CVE-2013-1058?
CVE-2013-1058 is a vulnerability with a CVSS score of 5.8 (MEDIUM). maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.
How severe is CVE-2013-1058?
CVE-2013-1058 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1058?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Canonical Maas.