2011-01-11 15:25:57 |
Kees Cook |
description |
Binary package hint: update-manager-core
I think update-manager has a security problem:
# grep URI /etc/update-manager/meta-release | head -2
URI = http://changelogs.ubuntu.com/meta-release
URI_LTS = http://changelogs.ubuntu.com/meta-release-lts
Changelogs are checked over the url: http://changelogs.ubuntu.com/meta-release where you will find something like this:
Dist: maverick
[..]
UpgradeTool: http://archive.ubuntu.com/ubuntu/dists/maverick-updates/main/dist-upgrader-all/current/maverick.tar.gz
UpgradeToolSignature: http://archive.ubuntu.com/ubuntu/dists/maverick-updates/main/dist-upgrader-all/current/maverick.tar.gz.gpg
Presumably, the UpgradeToolSignature is used to verify the UpgradeTool.
So update-manager does two things:
* Gets a key that verifies a file.
* Get a file.
* Checks the key verifies the file.
But because this is happening over http without ssl, the key or the file or both can be replaced. |
Binary package hint: update-manager-core
I think update-manager has a security problem:
# grep URI /etc/update-manager/meta-release | head -2
URI = http://changelogs.ubuntu.com/meta-release
URI_LTS = http://changelogs.ubuntu.com/meta-release-lts
Changelogs are checked over the url: http://changelogs.ubuntu.com/meta-release where you will find something like this:
Dist: maverick
[..]
UpgradeTool: http://archive.ubuntu.com/ubuntu/dists/maverick-updates/main/dist-upgrader-all/current/maverick.tar.gz
UpgradeToolSignature: http://archive.ubuntu.com/ubuntu/dists/maverick-updates/main/dist-upgrader-all/current/maverick.tar.gz.gpg
Presumably, the UpgradeToolSignature is used to verify the UpgradeTool.
So update-manager does two things:
* Gets a signature that verifies a file.
* Get a file.
* Checks the signature verifies the file.
But because this is happening over http without ssl, the signature or the file or both can be replaced.
|
|