Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2012-0944
Last Modified 20 Jun 2012 12:00:00
Published 04 Jun 2012 04:55:02
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0944

Summary

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 11.04

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 12.04

Application

  • Sebastian Heinlein Aptdaemon 0.20

  • Sebastian Heinlein Aptdaemon 0.30

  • Sebastian Heinlein Aptdaemon 0.31

  • Sebastian Heinlein Aptdaemon 0.32

  • Sebastian Heinlein Aptdaemon 0.33

  • Sebastian Heinlein Aptdaemon 0.34

  • Sebastian Heinlein Aptdaemon 0.40

  • Sebastian Heinlein Aptdaemon 0.41

  • Sebastian Heinlein Aptdaemon 0.42


References

CONFIRM - https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131

XF - aptdaemon-transaction-security-bypass(74553)

BID - 52855

OSVDB - 80887

UBUNTU - USN-1414-1

SECUNIA - 48688


Last Updated: 27 May 2016 10:47:11