CVE-2012-5356
https://notcve.org/view.php?id=CVE-2012-5356
The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack. La herramienta apt-add-repository v0.75.x antes de v0.75.10.3, v0.80.x antes de v0.80.9.2, antes de v0.81.x antes de v0.81.13.5, v0.82.x antes de v0.82.7.3, y antes de v0.92.x antes de v0.92.8 no comprueba correctamente las llaves PPA GPG importadas desde el servidor de claves, lo que permite a atacantes remotos instalar llaves GPG arbitrarias de paquetes del repositorio mediante un ataque man-in-the-middle (MITM). • http://www.securityfocus.com/bid/55736 http://www.ubuntu.com/usn/USN-1588-1 https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643 https://exchange.xforce.ibmcloud.com/vulnerabilities/78990 • CWE-20: Improper Input Validation •