Unrated severityNVD Advisory· Published Apr 27, 2014· Updated May 6, 2026

CVE-2011-3152

Description

DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 on Ubuntu 8.04 through 11.10 does not verify the GPG signature before extracting an upgrade tarball, which allows man-in-the-middle attackers to (1) create or overwrite arbitrary files via a directory traversal attack using a crafted tar file, or (2) bypass authentication via a crafted meta-release file.

Affected products

Canonical (company)/Update Manager5 versions
cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:canonical:update-manager:*:*:*:*:*:*:*:*range: <=1\:0.87.24
- cpe:2.3:a:canonical:update-manager:1\:0.134.7:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:1\:0.142.19:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:1\:0.150:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:update-manager:1\:0.152.25:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux5 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000