CVE-2013-1051

2013-03-2117:55:01

CWE-20

canonical

web.nvd.nist.gov

cve-2013-1051

apt

version 0.8.16

version 0.9.7

man-in-the-middle attack

package modification

integrity checking

third-party repositories

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

32.4%

JSON

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.

Affected configurations

Nvd

Node

debianadvanced_package_toolMatch0.8.16

debianaptMatch0.9.7

Node

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

VendorProductVersionCPE
debianadvanced_package_tool0.8.16cpe:2.3:a:debian:advanced_package_tool:0.8.16:*:*:*:*:*:*:*
debianapt0.9.7cpe:2.3:a:debian:apt:0.9.7:*:*:*:*:*:*:*
canonicalubuntu_linux11.10cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
canonicalubuntu_linux12.10cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
debian	advanced_package_tool	0.8.16	cpe:2.3:a:debian:advanced_package_tool:0.8.16:::::::*
debian	apt	0.9.7	cpe:2.3:a:debian:apt:0.9.7:::::::*
canonical	ubuntu_linux	11.10	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
canonical	ubuntu_linux	12.10	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*