Lucene search
CanonicalCVELIST:CVE-2012-0954HistoryJun 19, 2012 - 8:00 p.m.
CVE-2012-0954
2012-06-1920:00:00
canonical
www.cve.org
11
apt
vulnerability
gpg
keyrings
mitm
attack
incomplete fix
cve-2012-0954
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
References
seclists.org/fulldisclosure/2012/Jun/267
seclists.org/fulldisclosure/2012/Jun/271
seclists.org/fulldisclosure/2012/Jun/289
www.securityfocus.com/bid/54046
www.ubuntu.com/usn/USN-1475-1
www.ubuntu.com/usn/USN-1477-1
bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128
bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639
bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681
Related
debiancve
debiancve
CVE-2012-0954
2012-06-19 20:55:05
CVE-2012-3587
2012-06-19 20:55:08
openvas
openvas
Ubuntu Update for apt USN-1475-1
2012-06-15 00:00:00
Ubuntu: Security Advisory (USN-1477-1)
2012-06-19 00:00:00
Ubuntu Update for apt USN-1477-1
2012-06-19 00:00:00
ubuntucve
ubuntucve
prion
prion
Design/Logic Flaw
2012-06-19 20:55:00
Design/Logic Flaw
2012-06-19 20:55:00
cve
cve
CVE-2012-0954
2012-06-19 20:55:05
CVE-2012-3587
2012-06-19 20:55:08
nvd
nvd
CVE-2012-0954
2012-06-19 20:55:05
CVE-2012-3587
2012-06-19 20:55:08
ubuntu
ubuntu
APT vulnerability
2012-06-15 00:00:00
nessus
nessus
cvelist
cvelist
CVE-2012-3587
2012-06-19 20:00:00