Linux Security
    Linux Security
    Linux Security

    TeamViewer RPM repo left door open for malicious packages

    Date 06 Nov 2020
    840
    Posted By Brittany Day
    LS Hmepg 337x500 11

    A vulnerability discovered in TeamViewer RPM auto-updates on Linux allowed attackers to easily install and execute arbitrary software with root permissions. Luckily, TeamViewer has fixed this flaw in version 15.11.6.

     

    Three months ago, I discovered a security vulnerability in TeamViewer RPM auto-updates on Linux. The vulnerability allowed an attacker-in-the-middle (AITM) to subvert the TeamViewer RPM package repository to install and execute arbitrary software with root permissions.

    First thing first: TeamViewer followed best practices and used cryptographic signing (GPG) on the repository metadata and its software packages. These measures should have prevented anyone from tampering with either the repository or any of its packages. However, it assumes that the system has a copy of TeamViewer’s public GPG key.

    LinuxSecurity Poll

    How long have you been using Linux?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    /main-polls/46-how-long-have-you-been-using-linux?task=poll.vote&format=json
    46
    radio
    [{"id":"160","title":"Just made the switch!","votes":"3","type":"x","order":"1","pct":30,"resources":[]},{"id":"161","title":"1-5 years","votes":"1","type":"x","order":"2","pct":10,"resources":[]},{"id":"162","title":"6-10 years","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"163","title":">10 years - I'm a veteran!","votes":"6","type":"x","order":"4","pct":60,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.