Lucene search

MitreCVE-2012-3587

HistoryJun 19, 2012 - 8:55 p.m.

CVE-2012-3587

2012-06-1920:55:08

CWE-20

mitre

web.nvd.nist.gov

apt

vulnerability

cve-2012-3587

security

gnupg

apt 0.7.x

apt 0.8.x

keyrings

gpg

subkeys

mitm

attack

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.5

Confidence

Low

EPSS

0.002

Percentile

53.9%

JSON

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.

Affected configurations

Nvd

Node

debianadvanced_package_toolMatch0.7.0

debianadvanced_package_toolMatch0.7.1

debianadvanced_package_toolMatch0.7.2

debianadvanced_package_toolMatch0.7.2-0.1

debianadvanced_package_toolMatch0.7.10

debianadvanced_package_toolMatch0.7.11

debianadvanced_package_toolMatch0.7.12

debianadvanced_package_toolMatch0.7.13

debianadvanced_package_toolMatch0.7.14

debianadvanced_package_toolMatch0.7.15

debianadvanced_package_toolMatch0.7.15exp1

debianadvanced_package_toolMatch0.7.15exp2

debianadvanced_package_toolMatch0.7.15exp3

debianadvanced_package_toolMatch0.7.16

debianadvanced_package_toolMatch0.7.17

debianadvanced_package_toolMatch0.7.17exp1

debianadvanced_package_toolMatch0.7.17exp2

debianadvanced_package_toolMatch0.7.17exp3

debianadvanced_package_toolMatch0.7.17exp4

debianadvanced_package_toolMatch0.7.18

debianadvanced_package_toolMatch0.7.19

debianadvanced_package_toolMatch0.7.20

debianadvanced_package_toolMatch0.7.20.1

debianadvanced_package_toolMatch0.7.20.2

debianadvanced_package_toolMatch0.7.21

debianadvanced_package_toolMatch0.7.22

debianadvanced_package_toolMatch0.7.22.1

debianadvanced_package_toolMatch0.7.22.2

debianadvanced_package_toolMatch0.7.23

debianadvanced_package_toolMatch0.7.23.1

debianadvanced_package_toolMatch0.7.24

debianadvanced_package_toolMatch0.8.0

debianadvanced_package_toolMatch0.8.0pre1

debianadvanced_package_toolMatch0.8.0pre2

debianadvanced_package_toolMatch0.8.1

debianadvanced_package_toolMatch0.8.10

debianadvanced_package_toolMatch0.8.10.1

debianadvanced_package_toolMatch0.8.10.2

debianadvanced_package_toolMatch0.8.10.3

debianadvanced_package_toolMatch0.8.11

debianadvanced_package_toolMatch0.8.11.1

debianadvanced_package_toolMatch0.8.11.2

debianadvanced_package_toolMatch0.8.11.3

debianadvanced_package_toolMatch0.8.11.4

debianadvanced_package_toolMatch0.8.11.5

debianadvanced_package_toolMatch0.8.12

debianadvanced_package_toolMatch0.8.13

debianadvanced_package_toolMatch0.8.13.1

debianadvanced_package_toolMatch0.8.13.2

debianadvanced_package_toolMatch0.8.14

debianadvanced_package_toolMatch0.8.14.1

debianadvanced_package_toolMatch0.8.15

debianadvanced_package_toolMatch0.8.15exp1

debianadvanced_package_toolMatch0.8.15exp2

debianadvanced_package_toolMatch0.8.15exp3

debianadvanced_package_toolMatch0.8.15.1

debianadvanced_package_toolMatch0.8.15.6

debianadvanced_package_toolMatch0.8.15.7

debianadvanced_package_toolMatch0.8.15.8

debianadvanced_package_toolMatch0.8.15.9

debianadvanced_package_toolMatch0.8.15.10

VendorProductVersionCPE
debianadvanced_package_tool0.7.0cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.1cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.2cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.2-0.1cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.10cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.11cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.12cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.13cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.14cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*
debianadvanced_package_tool0.7.15cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
debian	advanced_package_tool	0.7.0	cpe:2.3:a:debian:advanced_package_tool:0.7.0:::::::*
debian	advanced_package_tool	0.7.1	cpe:2.3:a:debian:advanced_package_tool:0.7.1:::::::*
debian	advanced_package_tool	0.7.2	cpe:2.3:a:debian:advanced_package_tool:0.7.2:::::::*
debian	advanced_package_tool	0.7.2-0.1	cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:::::::*
debian	advanced_package_tool	0.7.10	cpe:2.3:a:debian:advanced_package_tool:0.7.10:::::::*
debian	advanced_package_tool	0.7.11	cpe:2.3:a:debian:advanced_package_tool:0.7.11:::::::*
debian	advanced_package_tool	0.7.12	cpe:2.3:a:debian:advanced_package_tool:0.7.12:::::::*
debian	advanced_package_tool	0.7.13	cpe:2.3:a:debian:advanced_package_tool:0.7.13:::::::*
debian	advanced_package_tool	0.7.14	cpe:2.3:a:debian:advanced_package_tool:0.7.14:::::::*
debian	advanced_package_tool	0.7.15	cpe:2.3:a:debian:advanced_package_tool:0.7.15:::::::*