Published: 15/04/2014 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 up to and including 0.8.15.10 and 0.8.16 prior to 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle malicious users to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.

Vulnerable Product	Search on Vulmon	Subscribe to Product
advanced package tool advanced package tool 0.8.13
advanced package tool advanced package tool 0.8.14
advanced package tool advanced package tool 0.8.15
advanced package tool advanced package tool
advanced package tool advanced package tool 0.8.12
advanced package tool advanced package tool 0.8.11

An attacker could trick APT into installing altered packages ...

CWE-264 http://www.ubuntu.com/usn/USN-1385-1 http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92 http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6 https://usn.ubuntu.com/1385-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-0214

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect