fkie_cve-2012-0954
Vulnerability from fkie_nvd
Published
2012-06-19 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2372DE68-69A3-44B6-A42E-1C8EA272FAC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F846A10-711A-42A1-A71A-FB11D4B511F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E070DA8-E764-4C1B-BCDB-F15597ABE7AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCEE6BF2-3B33-41F7-84C4-626D1559FB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDAAE90-9BD4-4160-89D3-162561CB30BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC7B0DD-F983-41DC-BB78-52FB53C044DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B832BF3E-A081-4708-8D54-C5BC827965E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "31586872-C049-4125-B82A-FEA8B06FDF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "2F377D69-4C1D-4D1A-96D9-B7724756CA3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "71851F90-85E4-4250-B9FB-320A33B04B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:*",
"matchCriteriaId": "C6356166-F4D5-4B50-94AE-7A25803FFF38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:*",
"matchCriteriaId": "0D7D88AF-16B4-4C3F-AF7D-8773CB08BA01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:*",
"matchCriteriaId": "5F293909-BFDB-49A2-AF03-6ADACE195204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E138D3A7-F289-4491-A24D-4DF2F179EAAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "19ED89FC-F907-4126-B969-625887306487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1:*:*:*:*:*:*",
"matchCriteriaId": "0F467E33-20AC-401C-AF1F-8F4BC0CB0C37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:*:*:*:*:*:*",
"matchCriteriaId": "595406A6-DFD2-4E26-82C8-745E0AC0D6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:*:*:*:*:*:*",
"matchCriteriaId": "4ED3DB0F-E9BF-4E23-8057-AACA17475C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:*:*:*:*:*:*",
"matchCriteriaId": "39A7A479-6225-43EA-B010-46EF4BC77E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC4CC2E-7E68-4360-8360-B0463D9B6B79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "BF988A0E-A630-40DD-9387-2C1610D2F932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "63E05BE6-9BDF-441E-873E-A4D965B3494F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE7EC9A-2E4D-4A60-AC88-F390F5B3432A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A2257DAB-0A44-4841-9EF9-CBBF9BB68F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "47EDE750-C502-4B25-829D-D0C0F2653C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "189E20DE-EEFB-488A-B741-4BC80CF553B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "96D80D63-6971-4CC7-A9A8-D9D05767F60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1186DDDE-FCF4-45B8-A7EA-2DAE8DA3F010",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.23:*:*:*:*:*:*:*",
"matchCriteriaId": "58F88656-5BF9-4D51-9C37-26E9685484F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9AB74135-2BB7-42F7-99CB-AFF0B811B66A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.24:*:*:*:*:*:*:*",
"matchCriteriaId": "1B025168-8319-45C2-82BC-97EBD5EE563E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58F0D8BF-F9D3-40D0-AD71-9978F2A1FD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre1:*:*:*:*:*:*",
"matchCriteriaId": "E82F9BF7-D4DD-4CF5-BE57-4772B7DDD5D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre2:*:*:*:*:*:*",
"matchCriteriaId": "7F4BC141-EEEB-4D0B-A3D4-24929855B685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA54D7A-9296-4530-8215-6EB708DDE2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "04F345BE-745C-418D-BF0F-B7A5F1E3A5B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46799DD7-E46E-4EB2-AF13-852407384A5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C417AF8F-D12C-4759-B99D-C60E139B9946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "225275E2-3E9E-48FE-A2FF-9FE37A67E550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "3EA2183D-7D9E-4841-A1C9-B843AF3A03F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7EAB3B8A-BDFA-4EDD-9A6D-F3CDE4977EDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A629D58-017D-4F27-B286-42094C727822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9817661D-CACE-4D81-9432-2CDE5A51F4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A65066-5A1A-4091-9219-6060A662653D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FAFCA592-F57F-4C12-A1F7-496BDFB2A4A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "9793E4BB-5969-45DB-B9F6-29CB9C98D559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "7427F24E-D3CB-498E-8695-9FC40546CFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70A8FE33-63BC-4145-A6CA-90A61CB81AC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08C018A3-012C-4790-9D09-36661549A6E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.14:*:*:*:*:*:*:*",
"matchCriteriaId": "406C6D95-53B7-4950-83C5-4C27E755F24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0E56161-E80F-4EC4-9D1C-0FBCA672EEFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:*:*:*:*:*:*:*",
"matchCriteriaId": "64C1D283-9326-4A6E-9529-BA8D26A36CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp1:*:*:*:*:*:*",
"matchCriteriaId": "1784FE65-DAE2-4E97-96A3-9A1835040245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp2:*:*:*:*:*:*",
"matchCriteriaId": "6368BAB5-D44D-42B3-B5F7-E343E1101CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp3:*:*:*:*:*:*",
"matchCriteriaId": "F2D3D5D9-97D1-44C6-B3BE-C9CFC1451FD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5C252C-76F7-492F-AFFB-3BE2A63EE22E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "233F5902-0AF1-4417-8C97-34C9B64C09AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5D613D7E-4456-4F47-9F13-F5D746F8715B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6DBD6821-E6C3-4F76-89C9-19478D8EB13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2E7D4F82-45B9-4FC9-85C5-3F5E3966A243",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "475F9461-71F5-4E01-9399-E0413390A423",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587."
},
{
"lang": "es",
"value": "APT v0.7.x antes de v0.7.25 y v0.8.x antes de v0.8.16, cuando se utiliza el apt-key net-update para importar archivos de claves, se basa en el orden de los argumentos GnuPG y no verifica subclaves GPG, lo que podr\u00eda permitir a atacantes remotos instalar paquetes alterados a trav\u00e9s de un ataque man-in-the-middle (MITM). NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2012-3587."
}
],
"id": "CVE-2012-0954",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-06-19T20:55:05.380",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://seclists.org/fulldisclosure/2012/Jun/267"
},
{
"source": "security@ubuntu.com",
"url": "http://seclists.org/fulldisclosure/2012/Jun/271"
},
{
"source": "security@ubuntu.com",
"url": "http://seclists.org/fulldisclosure/2012/Jun/289"
},
{
"source": "security@ubuntu.com",
"url": "http://www.securityfocus.com/bid/54046"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1475-1"
},
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-1477-1"
},
{
"source": "security@ubuntu.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128"
},
{
"source": "security@ubuntu.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639"
},
{
"source": "security@ubuntu.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2012/Jun/267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2012/Jun/271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2012/Jun/289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1475-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1477-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…