Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.6
CVE Id: CVE-2012-0954
Last Modified: 26 Jun 2012 12:00:00
Published: 19 Jun 2012 04:55:05
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2012-0954

Summary

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.

Vulnerable Systems

Application

  • Debian Apt 0.7.0

  • Debian Apt 0.7.1

  • Debian Apt 0.7.10

  • Debian Apt 0.7.11

  • Debian Apt 0.7.12

  • Debian Apt 0.7.13

  • Debian Apt 0.7.14

  • Debian Apt 0.7.15

  • Debian Apt 0.7.16

  • Debian Apt 0.7.17

  • Debian Apt 0.7.18

  • Debian Apt 0.7.19

  • Debian Apt 0.7.2

  • Debian Apt 0.7.2-0.1

  • Debian Apt 0.7.20

  • Debian Apt 0.7.20.1

  • Debian Apt 0.7.20.2

  • Debian Apt 0.7.21

  • Debian Apt 0.7.22

  • Debian Apt 0.7.22.1

  • Debian Apt 0.7.22.2

  • Debian Apt 0.7.23

  • Debian Apt 0.7.23.1

  • Debian Apt 0.7.24

  • Debian Apt 0.8.0

  • Debian Apt 0.8.1

  • Debian Apt 0.8.10

  • Debian Apt 0.8.10.1

  • Debian Apt 0.8.10.2

  • Debian Apt 0.8.10.3

  • Debian Apt 0.8.11

  • Debian Apt 0.8.11.1

  • Debian Apt 0.8.11.2

  • Debian Apt 0.8.11.3

  • Debian Apt 0.8.11.4

  • Debian Apt 0.8.11.5

  • Debian Apt 0.8.12

  • Debian Apt 0.8.13

  • Debian Apt 0.8.13.1

  • Debian Apt 0.8.13.2

  • Debian Apt 0.8.14

  • Debian Apt 0.8.14.1

  • Debian Apt 0.8.15

  • Debian Apt 0.8.15.1

  • Debian Apt 0.8.15.10

  • Debian Apt 0.8.15.6

  • Debian Apt 0.8.15.7

  • Debian Apt 0.8.15.8

  • Debian Apt 0.8.15.9


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128

UBUNTU - USN-1477-1

UBUNTU - USN-1475-1

BID - 54046

FULLDISC - 20120615 ubuntu apt-key (part 3)

FULLDISC - 20120614 Using second gpg keyring may be misleading?

FULLDISC - 20120612 Strange gpg key shadowing


Last Updated: 27 May 2016 10:56:32