CVE-2012-0214

 

Severity Score: 4.3 (CVSS v2)

Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2011-12-14 CVE Reserved
  • 2012-03-06 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Advanced Package Tool | Advanced Package Tool | <= 0.8.16~exp12 | - | Affected
Advanced Package Tool | Advanced Package Tool | 0.8.11 | - | Affected
Advanced Package Tool | Advanced Package Tool | 0.8.12 | - | Affected
Advanced Package Tool | Advanced Package Tool | 0.8.13 | - | Affected
Advanced Package Tool | Advanced Package Tool | 0.8.14 | - | Affected
Advanced Package Tool | Advanced Package Tool | 0.8.15 | - | Affected