Vigil@nce - FreeBSD : no signature control by pkg
October 2015, by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit an incomplete or malformed signature configuration of
pkg(7) in FreeBSD, in order to perform a Man-in-the-Middle attack and have an
unverified package installed.
Impacted products : FreeBSD.
Severity : 2/4.
Creation date : 26/08/2015.
DESCRIPTION OF THE VULNERABILITY
FreeBSD provides the pkg utility to install packages.
pkg(8) is the full package manager. pkg(7) is the small bootstrap tool
that downloads and installs pkg(8) itself. The signature_type parameter
of the pkg.conf file indicates which type of signature is used to verify
the authenticity of a package.
However, when pkg(7) does not recognize the value of the signature_type
parameter, it silently treats it as "none" and does not verify the
signature, and therefore the integrity, of the package it installs.
A typo or an unsupported value in this parameter is thus enough to
disable verification without any error being reported.
An attacker positioned between the host and its package mirror can
therefore exploit an incomplete or malformed configuration of pkg(7) in
FreeBSD, in order to perform a Man-in-the-Middle attack and substitute
the package being installed.
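The following audit script is an added example, not part of the Vigil@nce bulletin or of the FreeBSD project's code. It reads repository configuration files of the pkg.conf form described above, extracts the signature_type value, and reports every file where that value is missing or is not one pkg(7) is known to enforce, since either case falls back to "none". It assumes that "fingerprints" is the only value the bootstrap treats as a real signature check (adjust the case list if your pkg version accepts others). The sample configuration files it builds in a temporary directory are constructed for the demonstration; on a real system point audit_repo_confs at /etc/pkg and /usr/local/etc/pkg/repos.

```shell
#!/bin/sh
# Added example: audit pkg repository configuration files for a missing or
# unrecognized signature_type, which pkg(7) silently treats as "none".
# Assumption: "fingerprints" is the only value that enables verification.

# signature_type_value FILE
# Print the value of the first uncommented signature_type line, with quotes,
# trailing comma and whitespace removed; print nothing if the key is absent.
signature_type_value() {
    sed -n 's/^[[:space:]]*signature_type[[:space:]]*[:=][[:space:]]*//p' "$1" \
        | sed 's/[",[:space:]]//g' | head -n 1
}

# check_signature_type FILE
# Return 0 if FILE pins signature checking to "fingerprints", 1 otherwise.
check_signature_type() {
    file="$1"
    value=$(signature_type_value "$file")
    case "$value" in
        fingerprints)
            printf '%s: OK (signature_type=%s)\n' "$file" "$value"
            return 0 ;;
        "")
            printf '%s: WEAK (signature_type missing, pkg(7) falls back to none)\n' "$file"
            return 1 ;;
        *)
            printf '%s: WEAK (unknown signature_type "%s", treated as none)\n' "$file" "$value"
            return 1 ;;
    esac
}

# audit_repo_confs DIR
# Check every *.conf file under DIR; return 0 only if none is weak.
audit_repo_confs() {
    weak=0
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        check_signature_type "$f" || weak=$((weak + 1))
    done
    printf '%d weak repository file(s) under %s\n' "$weak" "$1"
    [ "$weak" -eq 0 ]
}

# Demonstration on constructed sample files (not real system configuration).
demo_dir=$(mktemp -d)
printf 'FreeBSD: {\n  url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly",\n  mirror_type: "srv",\n  signature_type: "fingerprints",\n  fingerprints: "/usr/share/keys/pkg",\n  enabled: yes\n}\n' > "$demo_dir/FreeBSD.conf"
# A one-letter typo: pkg(7) does not know "fingerprint" and verifies nothing.
printf 'mirror: {\n  url: "http://mirror.example.invalid/packages",\n  signature_type: "fingerprint",\n  fingerprints: "/usr/share/keys/pkg",\n  enabled: yes\n}\n' > "$demo_dir/mirror.conf"
# No signature_type at all: same silent fallback to "none".
printf 'local: {\n  url: "file:///usr/ports/packages",\n  enabled: yes\n}\n' > "$demo_dir/local.conf"
audit_repo_confs "$demo_dir" || true
rm -rf "$demo_dir"
```

The check deliberately treats any value outside the accepted list as weak rather than trying to guess what was meant: the whole point of the advisory is that pkg(7) guesses "none", so the audit must not repeat that behaviour.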
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FreeBSD-no-signature-control-by-pkg-17750