Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1358

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2009-1358
Last Modified 19 May 2009 01:34:58
Published 21 Apr 2009 07:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1358

Summary

apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.

Vulnerable Systems

Application

  • Debian Apt 0.0.1

  • Debian Apt 0.0.10

  • Debian Apt 0.0.11

  • Debian Apt 0.0.12

  • Debian Apt 0.0.13

  • Debian Apt 0.0.13-bo1

  • Debian Apt 0.0.14

  • Debian Apt 0.0.15

  • Debian Apt 0.0.15-0.1bo

  • Debian Apt 0.0.15-0.2bo

  • Debian Apt 0.0.16-1

  • Debian Apt 0.0.17-1

  • Debian Apt 0.0.2

  • Debian Apt 0.0.3

  • Debian Apt 0.0.4

  • Debian Apt 0.0.5

  • Debian Apt 0.0.6

  • Debian Apt 0.0.7

  • Debian Apt 0.0.8

  • Debian Apt 0.0.9

  • Debian Apt 0.1

  • Debian Apt 0.1.1

  • Debian Apt 0.1.3

  • Debian Apt 0.1.5

  • Debian Apt 0.1.6

  • Debian Apt 0.1.7

  • Debian Apt 0.1.9

  • Debian Apt 0.3.0

  • Debian Apt 0.3.1

  • Debian Apt 0.3.11

  • Debian Apt 0.3.12

  • Debian Apt 0.3.13

  • Debian Apt 0.3.14

  • Debian Apt 0.3.15

  • Debian Apt 0.3.16

  • Debian Apt 0.3.17

  • Debian Apt 0.3.18

  • Debian Apt 0.3.19

  • Debian Apt 0.3.2

  • Debian Apt 0.3.3

  • Debian Apt 0.3.4

  • Debian Apt 0.3.6

  • Debian Apt 0.3.7

  • Debian Apt 0.3.9

  • Debian Apt 0.5.0

  • Debian Apt 0.5.1

  • Debian Apt 0.5.10

  • Debian Apt 0.5.11

  • Debian Apt 0.5.12

  • Debian Apt 0.5.13

  • Debian Apt 0.5.14

  • Debian Apt 0.5.15

  • Debian Apt 0.5.16

  • Debian Apt 0.5.17

  • Debian Apt 0.5.18

  • Debian Apt 0.5.19

  • Debian Apt 0.5.2

  • Debian Apt 0.5.20

  • Debian Apt 0.5.21

  • Debian Apt 0.5.22

  • Debian Apt 0.5.23

  • Debian Apt 0.5.24

  • Debian Apt 0.5.25

  • Debian Apt 0.5.26

  • Debian Apt 0.5.27

  • Debian Apt 0.5.28

  • Debian Apt 0.5.29

  • Debian Apt 0.5.3

  • Debian Apt 0.5.30

  • Debian Apt 0.5.31

  • Debian Apt 0.5.32

  • Debian Apt 0.5.4

  • Debian Apt 0.5.5

  • Debian Apt 0.5.5.1

  • Debian Apt 0.5.6

  • Debian Apt 0.5.7

  • Debian Apt 0.5.8

  • Debian Apt 0.5.9

  • Debian Apt 0.6.0

  • Debian Apt 0.6.1

  • Debian Apt 0.6.10

  • Debian Apt 0.6.11

  • Debian Apt 0.6.12

  • Debian Apt 0.6.13

  • Debian Apt 0.6.14

  • Debian Apt 0.6.15

  • Debian Apt 0.6.16

  • Debian Apt 0.6.17

  • Debian Apt 0.6.18

  • Debian Apt 0.6.19

  • Debian Apt 0.6.2

  • Debian Apt 0.6.20

  • Debian Apt 0.6.21

  • Debian Apt 0.6.22

  • Debian Apt 0.6.23

  • Debian Apt 0.6.24

  • Debian Apt 0.6.25

  • Debian Apt 0.6.27

  • Debian Apt 0.6.28

  • Debian Apt 0.6.29

  • Debian Apt 0.6.3

  • Debian Apt 0.6.30

  • Debian Apt 0.6.31

  • Debian Apt 0.6.32

  • Debian Apt 0.6.33

  • Debian Apt 0.6.34

  • Debian Apt 0.6.35

  • Debian Apt 0.6.36

  • Debian Apt 0.6.37

  • Debian Apt 0.6.38

  • Debian Apt 0.6.39

  • Debian Apt 0.6.4

  • Debian Apt 0.6.40

  • Debian Apt 0.6.40.1

  • Debian Apt 0.6.41

  • Debian Apt 0.6.42

  • Debian Apt 0.6.42.1

  • Debian Apt 0.6.42.2

  • Debian Apt 0.6.42.3

  • Debian Apt 0.6.43

  • Debian Apt 0.6.43.1

  • Debian Apt 0.6.43.2

  • Debian Apt 0.6.43.3

  • Debian Apt 0.6.44

  • Debian Apt 0.6.44.1

  • Debian Apt 0.6.44.1-0.1

  • Debian Apt 0.6.44.2

  • Debian Apt 0.6.45

  • Debian Apt 0.6.46

  • Debian Apt 0.6.46.1

  • Debian Apt 0.6.46.2

  • Debian Apt 0.6.46.3

  • Debian Apt 0.6.46.3-0.1

  • Debian Apt 0.6.46.3-0.2

  • Debian Apt 0.6.46.4-0.1

  • Debian Apt 0.6.5

  • Debian Apt 0.6.6

  • Debian Apt 0.6.7

  • Debian Apt 0.6.8

  • Debian Apt 0.6.9

  • Debian Apt 0.7.0

  • Debian Apt 0.7.1

  • Debian Apt 0.7.10

  • Debian Apt 0.7.11

  • Debian Apt 0.7.12

  • Debian Apt 0.7.13

  • Debian Apt 0.7.14

  • Debian Apt 0.7.15

  • Debian Apt 0.7.16

  • Debian Apt 0.7.17

  • Debian Apt 0.7.18

  • Debian Apt 0.7.19

  • Debian Apt 0.7.2

  • Debian Apt 0.7.2-0.1

  • Debian Apt 0.7.20

  • Debian Apt 0.7.20.1

  • Debian Apt 0.7.20.2

  • Debian Apt 0.7.21

  • Debian Apt 0.7.3

  • Debian Apt 0.7.4

  • Debian Apt 0.7.5

  • Debian Apt 0.7.6

  • Debian Apt 0.7.7

  • Debian Apt 0.7.8

  • Debian Apt 0.7.9


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012

XF - apt-aptget-gpgv-security-bypass(50086)

UBUNTU - USN-762-1

BID - 34630

DEBIAN - DSA-1779

SECUNIA - 34874

SECUNIA - 34832

SECUNIA - 34829

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091


Last Updated: 27 May 2016 10:50:32