methods/https.cc in apt prior to 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle malicious users to obtain repository credentials via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 10.10 |
||
canonical ubuntu linux 8.04 |
||
canonical ubuntu linux 11.04 |
||
canonical ubuntu linux 10.04 |
||
debian advanced package tool 0.8.0 |
||
debian advanced package tool 0.8.1 |
||
debian advanced package tool 0.8.10 |
||
debian advanced package tool 0.8.10.1 |
||
debian advanced package tool 0.8.10.2 |
||
debian advanced package tool |