Main Vulnerability Database SB2017012711

SB2017012711 - Manifest spoofing in borgbackup (Alpine package)

Published: January 27, 2017

Security Bulletin ID SB2017012711

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Manifest spoofing (CVE-ID: CVE-2016-10099)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to error within cryptographic protocol used to authenticate the manifest (list of archives). A remote attacker can spoof the list of archives.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=978800365815537d1a1e289d239d6a316bf70455