CVE-2012-0954

EPSS 0.37%
Veröffentlicht 19.06.2012 20:55:05
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle security@ubuntu.com
Teams Watchlist Login
Unerledigt Login

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Advanced Package Tool Version0.7.0

Debian ≫ Advanced Package Tool Version0.7.1

Debian ≫ Advanced Package Tool Version0.7.2

Debian ≫ Advanced Package Tool Version0.7.2-0.1

Debian ≫ Advanced Package Tool Version0.7.10

Debian ≫ Advanced Package Tool Version0.7.11

Debian ≫ Advanced Package Tool Version0.7.12

Debian ≫ Advanced Package Tool Version0.7.13

Debian ≫ Advanced Package Tool Version0.7.14

Debian ≫ Advanced Package Tool Version0.7.15

Debian ≫ Advanced Package Tool Version0.7.15 Updateexp1

Debian ≫ Advanced Package Tool Version0.7.15 Updateexp2

Debian ≫ Advanced Package Tool Version0.7.15 Updateexp3

Debian ≫ Advanced Package Tool Version0.7.16

Debian ≫ Advanced Package Tool Version0.7.17

Debian ≫ Advanced Package Tool Version0.7.17 Updateexp1

Debian ≫ Advanced Package Tool Version0.7.17 Updateexp2

Debian ≫ Advanced Package Tool Version0.7.17 Updateexp3

Debian ≫ Advanced Package Tool Version0.7.17 Updateexp4

Debian ≫ Advanced Package Tool Version0.7.18

Debian ≫ Advanced Package Tool Version0.7.19

Debian ≫ Advanced Package Tool Version0.7.20

Debian ≫ Advanced Package Tool Version0.7.20.1

Debian ≫ Advanced Package Tool Version0.7.20.2

Debian ≫ Advanced Package Tool Version0.7.21

Debian ≫ Advanced Package Tool Version0.7.22

Debian ≫ Advanced Package Tool Version0.7.22.1

Debian ≫ Advanced Package Tool Version0.7.22.2

Debian ≫ Advanced Package Tool Version0.7.23

Debian ≫ Advanced Package Tool Version0.7.23.1

Debian ≫ Advanced Package Tool Version0.7.24

Debian ≫ Advanced Package Tool Version0.8.0

Debian ≫ Advanced Package Tool Version0.8.0 Updatepre1

Debian ≫ Advanced Package Tool Version0.8.0 Updatepre2

Debian ≫ Advanced Package Tool Version0.8.1

Debian ≫ Advanced Package Tool Version0.8.10

Debian ≫ Advanced Package Tool Version0.8.10.1

Debian ≫ Advanced Package Tool Version0.8.10.2

Debian ≫ Advanced Package Tool Version0.8.10.3

Debian ≫ Advanced Package Tool Version0.8.11

Debian ≫ Advanced Package Tool Version0.8.11.1

Debian ≫ Advanced Package Tool Version0.8.11.2

Debian ≫ Advanced Package Tool Version0.8.11.3

Debian ≫ Advanced Package Tool Version0.8.11.4

Debian ≫ Advanced Package Tool Version0.8.11.5

Debian ≫ Advanced Package Tool Version0.8.12

Debian ≫ Advanced Package Tool Version0.8.13

Debian ≫ Advanced Package Tool Version0.8.13.1

Debian ≫ Advanced Package Tool Version0.8.13.2

Debian ≫ Advanced Package Tool Version0.8.14

Debian ≫ Advanced Package Tool Version0.8.14.1

Debian ≫ Advanced Package Tool Version0.8.15

Debian ≫ Advanced Package Tool Version0.8.15 Updateexp1

Debian ≫ Advanced Package Tool Version0.8.15 Updateexp2

Debian ≫ Advanced Package Tool Version0.8.15 Updateexp3

Debian ≫ Advanced Package Tool Version0.8.15.1

Debian ≫ Advanced Package Tool Version0.8.15.6

Debian ≫ Advanced Package Tool Version0.8.15.7

Debian ≫ Advanced Package Tool Version0.8.15.8

Debian ≫ Advanced Package Tool Version0.8.15.9

Debian ≫ Advanced Package Tool Version0.8.15.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.558

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://seclists.org/fulldisclosure/2012/Jun/267

http://seclists.org/fulldisclosure/2012/Jun/271

http://seclists.org/fulldisclosure/2012/Jun/289

http://www.securityfocus.com/bid/54046

http://www.ubuntu.com/usn/USN-1475-1

http://www.ubuntu.com/usn/USN-1477-1

https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128

https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639

https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681

https://nvd.nist.gov/vuln/detail/CVE-2012-0954

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-0954

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-0954

EUVD