CVE-2008-3323

CVE-2008-3323 · HIGH Severity

AV:N/AC:H/AU:N/C:C/I:C/A:C

setup.exe before 2.573.2.3 in Cygwin does not properly verify the authenticity of packages, which allows remote Cygwin mirror servers or man-in-the-middle attackers to execute arbitrary code via a package list containing the MD5 checksum of a Trojan horse package.

Learn more about our Cis Benchmark Audit For Server Software.