UbuntuUSN-1385-1APT vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
35.2%
Releases
- Ubuntu 11.10
- Ubuntu 11.04
Packages
- apt - Advanced front-end for dpkg
Details
Simon Ruderich discovered that APT incorrectly handled repositories that
use InRelease files. The default Ubuntu repositories do not use InRelease
files, so this issue only affected third-party repositories. If a remote
attacker were able to perform a machine-in-the-middle attack, this flaw could
potentially be used to install altered packages.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 11.10 | noarch | apt | < 0.8.16~exp5ubuntu13.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | apt-transport-https | < 0.8.16~exp5ubuntu13.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | apt-utils | < 0.8.16~exp5ubuntu13.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | libapt-inst1.3 | < 0.8.16~exp5ubuntu13.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | libapt-pkg-dev | < 0.8.16~exp5ubuntu13.2 | UNKNOWN |
| Ubuntu | 11.10 | noarch | libapt-pkg4.11 | < 0.8.16~exp5ubuntu13.2 | UNKNOWN |
| Ubuntu | 11.04 | noarch | apt | < 0.8.13.2ubuntu4.4 | UNKNOWN |
| Ubuntu | 11.04 | noarch | apt-transport-https | < 0.8.13.2ubuntu4.4 | UNKNOWN |
| Ubuntu | 11.04 | noarch | apt-utils | < 0.8.13.2ubuntu4.4 | UNKNOWN |
| Ubuntu | 11.04 | noarch | libapt-pkg-dev | < 0.8.13.2ubuntu4.4 | UNKNOWN |
References
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
35.2%