Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2016-1252

Published: 05/12/2017 Updated: 14/08/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 436
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Advanced Package Tool

Vulnerability Summary

The apt package in Debian jessie prior to 1.0.9.8.4, in Debian unstable prior to 1.4~beta2, in Ubuntu 14.04 LTS prior to 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS prior to 1.2.15ubuntu0.2, and in Ubuntu 16.10 prior to 1.3.2ubuntu0.1 allows man-in-the-middle malicious users to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

debian advanced_package_tool

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 16.10

Vendor Advisories

Ubuntu Security Notice: apt vulnerability
An attacker could trick APT into installing altered packages ...
Debian Security Advisories: DSA-3733-1 apt -- security update
Jann Horn of Google Project Zero discovered that APT, the high level package manager, does not properly handle errors when validating signatures on InRelease files An attacker able to man-in-the-middle HTTP requests to an apt repository that uses InRelease files (clearsigned Release files), can take advantage of this flaw to circumvent the signatu ...

Exploits

Exploit DB: APT - Repository Signing Bypass via Memory Allocation Failure
Source: bugschromiumorg/p/project-zero/issues/detail?id=1020 == Vulnerability == When apt-get updates a repository that uses an InRelease file (clearsigned Release files), this file is processed as follows: First, the InRelease file is downloaded to disk In a subprocess running the gpgv helper, "apt-key verify" (with some more arguments ...

Github Repositories

https://github.com/illikainen/digestlookup

Retrieve package digests

About Digestlookup retrieves digests from various package repository metadata The downloaded metadata is PGP-verified before it's parsed Additionally, connections to repository mirrors are pinned by their TLS/SSL keys in order to mitigate the impact of bugs like CVE-2016-1252 and CVE-2019-3462 The currently supported repositories are APT (Debian, Ubuntu, et al) and Po

https://github.com/bahramGithubRepository/CVE-Management-Tool

CVE Management Tool CVE Management Tool is a Java-based desktop application and it provides a facility to add, edit and delete CVE information for an end user This application accepts an input file from CVE Check Tool (Github) and saves the CVE information in a MySQL database 1- Requirement to use this application you have to install pre requirement library and tools JDK 1

https://github.com/asim-jaweesh/Packet-Injection-in-Sudan-Analysis

[ARCHIVE] To analyze samples downloaded over insecure channel and secure channels

TL;DR All issues discussed here ARE a result of caching servers that served older versions of software over insecure protocols and channels Shady downloads and redirections To analyze samples downloaded over insecure channel and secure channels from Sudanese ISPs [Update] November 2019 Turns out there is a dedicated website called why does apt not use https dot com yes

https://github.com/actions-marketplace-validations/Tufin_securecloud-image-analysis-action

Tufin Labs - Github Action for Docker Vulnerability Scanning This GitHub Action scans a docker image for vulnerabilities using Tufin SecureCloud Setup Signup to SecureCloud In the SecureCloud console, go to the Kubernetes/Settings/General view and copy two tokens: The token with Scope=agent and Label=kite The token with Scope=all and Label=CI Add the following se

https://github.com/jaweesh/Packet-Injection-in-Sudan-Analysis

[ARCHIVE] To analyze samples downloaded over insecure channel and secure channels

TL;DR All issues discussed here ARE a result of caching servers that served older versions of software over insecure protocols and channels Shady downloads and redirections To analyze samples downloaded over insecure channel and secure channels from Sudanese ISPs [Update] November 2019 Turns out there is a dedicated website called why does apt not use https dot com yes

References

CWE-295https://www.exploit-db.com/exploits/40916/https://www.debian.org/security/2016/dsa-3733https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467https://bugs.chromium.org/p/project-zero/issues/detail?id=1020http://www.ubuntu.com/usn/USN-3156-1http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.htmlhttps://usn.ubuntu.com/3156-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/40916/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook