CVE-2012-0944
https://notcve.org/view.php?id=CVE-2012-0944
Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack. v0.43 y anteriores en Ubuntu 11.04, v11.10, y v12.04 LTS no autentica los paquetes cuando la transacción no es simulada, lo que permite a atacantes remotos a instalar paquetes a través de ataques "man-in-the-middle". • http://secunia.com/advisories/48688 http://ubuntu.com/usn/usn-1414-1 http://www.osvdb.org/80887 http://www.securityfocus.com/bid/52855 https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131 https://exchange.xforce.ibmcloud.com/vulnerabilities/74553 • CWE-287: Improper Authentication •
CVE-2011-0725
https://notcve.org/view.php?id=CVE-2011-0725
Absolute path traversal vulnerability in the org.debian.apt.UpdateCachePartially method in worker.py in Aptdaemon 0.40 in Ubuntu 10.10 and 11.04 allows local users to read arbitrary files via a full pathname in the sources_list argument, related to the D-Bus interface. Vulnerabilidad de salto de directorio absoluto en el método org.debian.apt.UpdateCachePartially en worker.py en Aptdaemon v0.40 en Ubuntu v10.10 y v11.04 permite a usuarios locales leer archivos de su elección a través de una ruta completa en el argumento sources_list, relativo al interfase D-bus. • http://www.securityfocus.com/bid/46490 http://www.securitytracker.com/id?1025107 http://www.ubuntu.com/usn/USN-1068-1 http://www.vupen.com/english/advisories/2011/0459 https://bugs.launchpad.net/bugs/722228 https://exchange.xforce.ibmcloud.com/vulnerabilities/65652 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •