Lucene search

CanonicalCVE-2012-0954

HistoryJun 19, 2012 - 8:55 p.m.

CVE-2012-0954

2012-06-1920:55:05

CWE-20

canonical

web.nvd.nist.gov

cve-2012-0954

apt

security

vulnerability

gnupg

mitm

incomplete fix

cve-2012-3587

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.004

Percentile

72.2%

JSON

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.

Affected configurations

Nvd

Node

debianadvanced_package_toolMatch0.7.0

debianadvanced_package_toolMatch0.7.1

debianadvanced_package_toolMatch0.7.2

debianadvanced_package_toolMatch0.7.2-0.1

debianadvanced_package_toolMatch0.7.10

debianadvanced_package_toolMatch0.7.11

debianadvanced_package_toolMatch0.7.12

debianadvanced_package_toolMatch0.7.13

debianadvanced_package_toolMatch0.7.14

debianadvanced_package_toolMatch0.7.15

debianadvanced_package_toolMatch0.7.15exp1

debianadvanced_package_toolMatch0.7.15exp2

debianadvanced_package_toolMatch0.7.15exp3

debianadvanced_package_toolMatch0.7.16

debianadvanced_package_toolMatch0.7.17

debianadvanced_package_toolMatch0.7.17exp1

debianadvanced_package_toolMatch0.7.17exp2

debianadvanced_package_toolMatch0.7.17exp3

debianadvanced_package_toolMatch0.7.17exp4

debianadvanced_package_toolMatch0.7.18

debianadvanced_package_toolMatch0.7.19

debianadvanced_package_toolMatch0.7.20

debianadvanced_package_toolMatch0.7.20.1

debianadvanced_package_toolMatch0.7.20.2

debianadvanced_package_toolMatch0.7.21

debianadvanced_package_toolMatch0.7.22

debianadvanced_package_toolMatch0.7.22.1

debianadvanced_package_toolMatch0.7.22.2

debianadvanced_package_toolMatch0.7.23

debianadvanced_package_toolMatch0.7.23.1

debianadvanced_package_toolMatch0.7.24

debianadvanced_package_toolMatch0.8.0

debianadvanced_package_toolMatch0.8.0pre1

debianadvanced_package_toolMatch0.8.0pre2

debianadvanced_package_toolMatch0.8.1

debianadvanced_package_toolMatch0.8.10

debianadvanced_package_toolMatch0.8.10.1

debianadvanced_package_toolMatch0.8.10.2

debianadvanced_package_toolMatch0.8.10.3

debianadvanced_package_toolMatch0.8.11

debianadvanced_package_toolMatch0.8.11.1

debianadvanced_package_toolMatch0.8.11.2

debianadvanced_package_toolMatch0.8.11.3

debianadvanced_package_toolMatch0.8.11.4

debianadvanced_package_toolMatch0.8.11.5

debianadvanced_package_toolMatch0.8.12

debianadvanced_package_toolMatch0.8.13

debianadvanced_package_toolMatch0.8.13.1

debianadvanced_package_toolMatch0.8.13.2

debianadvanced_package_toolMatch0.8.14

debianadvanced_package_toolMatch0.8.14.1

debianadvanced_package_toolMatch0.8.15

debianadvanced_package_toolMatch0.8.15exp1

debianadvanced_package_toolMatch0.8.15exp2

debianadvanced_package_toolMatch0.8.15exp3

debianadvanced_package_toolMatch0.8.15.1

debianadvanced_package_toolMatch0.8.15.6

debianadvanced_package_toolMatch0.8.15.7

debianadvanced_package_toolMatch0.8.15.8

debianadvanced_package_toolMatch0.8.15.9

debianadvanced_package_toolMatch0.8.15.10

VendorProductVersionCPE
debianadvanced_package_tool0.7.0cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.1cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.2cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.2-0.1cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.10cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.11cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.12cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.13cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.14cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.15cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
debian	advanced_package_tool	0.7.0	cpe:2.3:a:debian:advanced_package_tool:0.7.0:::::::*
debian	advanced_package_tool	0.7.1	cpe:2.3:a:debian:advanced_package_tool:0.7.1:::::::*
debian	advanced_package_tool	0.7.2	cpe:2.3:a:debian:advanced_package_tool:0.7.2:::::::*
debian	advanced_package_tool	0.7.2-0.1	cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:::::::*
debian	advanced_package_tool	0.7.10	cpe:2.3:a:debian:advanced_package_tool:0.7.10:::::::*
debian	advanced_package_tool	0.7.11	cpe:2.3:a:debian:advanced_package_tool:0.7.11:::::::*
debian	advanced_package_tool	0.7.12	cpe:2.3:a:debian:advanced_package_tool:0.7.12:::::::*
debian	advanced_package_tool	0.7.13	cpe:2.3:a:debian:advanced_package_tool:0.7.13:::::::*
debian	advanced_package_tool	0.7.14	cpe:2.3:a:debian:advanced_package_tool:0.7.14:::::::*
debian	advanced_package_tool	0.7.15	cpe:2.3:a:debian:advanced_package_tool:0.7.15:::::::*