2.6
CVE-2012-0954
- EPSS 2.21%
- Veröffentlicht 19.06.2012 20:55:05
- Zuletzt bearbeitet 16.06.2026 23:38:34
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Advanced Package Tool Version0.7.0
Debian ≫ Advanced Package Tool Version0.7.1
Debian ≫ Advanced Package Tool Version0.7.2
Debian ≫ Advanced Package Tool Version0.7.2-0.1
Debian ≫ Advanced Package Tool Version0.7.10
Debian ≫ Advanced Package Tool Version0.7.11
Debian ≫ Advanced Package Tool Version0.7.12
Debian ≫ Advanced Package Tool Version0.7.13
Debian ≫ Advanced Package Tool Version0.7.14
Debian ≫ Advanced Package Tool Version0.7.15
Debian ≫ Advanced Package Tool Version0.7.15 Updateexp1
Debian ≫ Advanced Package Tool Version0.7.15 Updateexp2
Debian ≫ Advanced Package Tool Version0.7.15 Updateexp3
Debian ≫ Advanced Package Tool Version0.7.16
Debian ≫ Advanced Package Tool Version0.7.17
Debian ≫ Advanced Package Tool Version0.7.17 Updateexp1
Debian ≫ Advanced Package Tool Version0.7.17 Updateexp2
Debian ≫ Advanced Package Tool Version0.7.17 Updateexp3
Debian ≫ Advanced Package Tool Version0.7.17 Updateexp4
Debian ≫ Advanced Package Tool Version0.7.18
Debian ≫ Advanced Package Tool Version0.7.19
Debian ≫ Advanced Package Tool Version0.7.20
Debian ≫ Advanced Package Tool Version0.7.20.1
Debian ≫ Advanced Package Tool Version0.7.20.2
Debian ≫ Advanced Package Tool Version0.7.21
Debian ≫ Advanced Package Tool Version0.7.22
Debian ≫ Advanced Package Tool Version0.7.22.1
Debian ≫ Advanced Package Tool Version0.7.22.2
Debian ≫ Advanced Package Tool Version0.7.23
Debian ≫ Advanced Package Tool Version0.7.23.1
Debian ≫ Advanced Package Tool Version0.7.24
Debian ≫ Advanced Package Tool Version0.8.0
Debian ≫ Advanced Package Tool Version0.8.0 Updatepre1
Debian ≫ Advanced Package Tool Version0.8.0 Updatepre2
Debian ≫ Advanced Package Tool Version0.8.1
Debian ≫ Advanced Package Tool Version0.8.10
Debian ≫ Advanced Package Tool Version0.8.10.1
Debian ≫ Advanced Package Tool Version0.8.10.2
Debian ≫ Advanced Package Tool Version0.8.10.3
Debian ≫ Advanced Package Tool Version0.8.11
Debian ≫ Advanced Package Tool Version0.8.11.1
Debian ≫ Advanced Package Tool Version0.8.11.2
Debian ≫ Advanced Package Tool Version0.8.11.3
Debian ≫ Advanced Package Tool Version0.8.11.4
Debian ≫ Advanced Package Tool Version0.8.11.5
Debian ≫ Advanced Package Tool Version0.8.12
Debian ≫ Advanced Package Tool Version0.8.13
Debian ≫ Advanced Package Tool Version0.8.13.1
Debian ≫ Advanced Package Tool Version0.8.13.2
Debian ≫ Advanced Package Tool Version0.8.14
Debian ≫ Advanced Package Tool Version0.8.14.1
Debian ≫ Advanced Package Tool Version0.8.15
Debian ≫ Advanced Package Tool Version0.8.15 Updateexp1
Debian ≫ Advanced Package Tool Version0.8.15 Updateexp2
Debian ≫ Advanced Package Tool Version0.8.15 Updateexp3
Debian ≫ Advanced Package Tool Version0.8.15.1
Debian ≫ Advanced Package Tool Version0.8.15.6
Debian ≫ Advanced Package Tool Version0.8.15.7
Debian ≫ Advanced Package Tool Version0.8.15.8
Debian ≫ Advanced Package Tool Version0.8.15.9
Debian ≫ Advanced Package Tool Version0.8.15.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.21% | 0.803 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.6 | 4.9 | 2.9 |
AV:N/AC:H/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://seclists.org/fulldisclosure/2012/Jun/267
http://seclists.org/fulldisclosure/2012/Jun/271
http://seclists.org/fulldisclosure/2012/Jun/289
http://www.securityfocus.com/bid/54046
http://www.ubuntu.com/usn/USN-1475-1
http://www.ubuntu.com/usn/USN-1477-1
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681