CVE-2012-0214
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.
El método pkgAcqMetaClearSig::Failed en apt-pkg/acquire-item.cc en Advanced Package Tool (APT) 0.8.11 hasta 0.8.15.10 y 0.8.16 anterior a 0.8.16~exp13, cuando actualizando desde repositorios que utilizan ficheros lnRelease, permite a atacantes man-in-the-middle instalar paquetes arbitrarios previniendo al usuario de descargar el nuevo fichero InRelease, el cual deja el fichero InRelease original activo y hace más difícil detectar que el fichero Packages está modificado y no firmado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-12-14 CVE Reserved
- 2012-03-06 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92 | X_refsource_confirm | |
| http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-1385-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Advanced Package Tool Search vendor "Advanced Package Tool" | Advanced Package Tool Search vendor "Advanced Package Tool" for product "Advanced Package Tool" | <= 0.8.16\~exp12 Search vendor "Advanced Package Tool" for product "Advanced Package Tool" and version " <= 0.8.16\~exp12" | - |
Affected
| ||||||
| Advanced Package Tool Search vendor "Advanced Package Tool" | Advanced Package Tool Search vendor "Advanced Package Tool" for product "Advanced Package Tool" | 0.8.11 Search vendor "Advanced Package Tool" for product "Advanced Package Tool" and version "0.8.11" | - |
Affected
| ||||||
| Advanced Package Tool Search vendor "Advanced Package Tool" | Advanced Package Tool Search vendor "Advanced Package Tool" for product "Advanced Package Tool" | 0.8.12 Search vendor "Advanced Package Tool" for product "Advanced Package Tool" and version "0.8.12" | - |
Affected
| ||||||
| Advanced Package Tool Search vendor "Advanced Package Tool" | Advanced Package Tool Search vendor "Advanced Package Tool" for product "Advanced Package Tool" | 0.8.13 Search vendor "Advanced Package Tool" for product "Advanced Package Tool" and version "0.8.13" | - |
Affected
| ||||||
| Advanced Package Tool Search vendor "Advanced Package Tool" | Advanced Package Tool Search vendor "Advanced Package Tool" for product "Advanced Package Tool" | 0.8.14 Search vendor "Advanced Package Tool" for product "Advanced Package Tool" and version "0.8.14" | - |
Affected
| ||||||
| Advanced Package Tool Search vendor "Advanced Package Tool" | Advanced Package Tool Search vendor "Advanced Package Tool" for product "Advanced Package Tool" | 0.8.15 Search vendor "Advanced Package Tool" for product "Advanced Package Tool" and version "0.8.15" | - |
Affected
| ||||||