CVE-2012-0954

NONECVSS 0.0

0.0

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.

🔗 References (18)

security@ubuntuhttp://seclists.org/fulldisclosure/2012/Jun/267
security@ubuntuhttp://seclists.org/fulldisclosure/2012/Jun/271
security@ubuntuhttp://seclists.org/fulldisclosure/2012/Jun/289
security@ubuntuhttp://www.securityfocus.com/bid/54046
security@ubuntuhttp://www.ubuntu.com/usn/USN-1475-1
security@ubuntuhttp://www.ubuntu.com/usn/USN-1477-1
security@ubuntuhttps://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128
security@ubuntuhttps://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639
security@ubuntuhttps://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2012/Jun/267
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2012/Jun/271
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2012/Jun/289
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/54046
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1475-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1477-1

Is Your Infrastructure Affected by CVE-2012-0954?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-0954

📅 Published

🔄 Last Modified

🔗 References (18)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-0954?