CVE-2015-1330
unattended-upgrades <0.86.1 - Man-in-the-Middle
Title source: llmDescription
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors.
References (4)
Scores
EPSS
0.0008
EPSS Percentile
22.5%
Classification
CWE
CWE-287
Status
draft
Affected Products (5)
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
debian/unattended-upgrades
< 0.86
Timeline
Published
Jul 01, 2015
Tracked Since
Feb 18, 2026