4.3

CVE-2011-3374

Exploit
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.19% 0.639
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 2.2 1.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://access.redhat.com/security/cve/cve-2011-3374
Broken Link
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
Third Party Advisory
Mailing List
Issue Tracking
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
Third Party Advisory
https://seclists.org/fulldisclosure/2011/Sep/221
Third Party Advisory
Exploit
Mailing List
https://security-tracker.debian.org/tracker/CVE-2011-3374
Third Party Advisory
https://snyk.io/vuln/SNYK-LINUX-APT-116518
Broken Link
https://ubuntu.com/security/CVE-2011-3374
Third Party Advisory