
CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.

• http://secunia.com/advisories/51627
• http://www.securityfocus.com/bid/56959
• http://www.securitytracker.com/id?1027891
• http://www.ubuntu.com/usn/USN-1666-1
• https://bugs.launchpad.net/software-center-agent/%2Bbug/1052789

CVSS: 4.3 • EPSS: 0% • CPEs: 12 • EXPL: 0

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

• http://secunia.com/advisories/48688
• http://ubuntu.com/usn/usn-1414-1
• http://www.osvdb.org/80887
• http://www.securityfocus.com/bid/52855
• https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74553
• CWE-287: Improper Authentication

CVSS: 4.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full pathname in the sources_list argument, related to the D-Bus interface.

• http://www.securityfocus.com/bid/46490
• http://www.securitytracker.com/id?1025107
• http://www.ubuntu.com/usn/USN-1068-1
• http://www.vupen.com/english/advisories/2011/0459
• https://bugs.launchpad.net/bugs/722228
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65652
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')