CVE-2012-0954
Ubuntu Security Notice USN-1477-1
Severity Score
7.4
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.
APT v0.7.x antes de v0.7.25 y v0.8.x antes de v0.8.16, cuando se utiliza el apt-key net-update para importar archivos de claves, se basa en el orden de los argumentos GnuPG y no verifica subclaves GPG, lo que podría permitir a atacantes remotos instalar paquetes alterados a través de un ataque man-in-the-middle (MITM). NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2012-3587.
Georgi Guninski discovered that APT did not properly validate imported keyrings via apt-key net-update. USN-1475-1 added additional verification for imported keyrings, but it was insufficient. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-02-01 CVE Reserved
- 2012-06-16 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2012/Jun/267 | Mailing List |
|
| http://seclists.org/fulldisclosure/2012/Jun/271 | Mailing List |
|
| http://seclists.org/fulldisclosure/2012/Jun/289 | Mailing List |
|
| http://www.securityfocus.com/bid/54046 | Vdb Entry | |
| https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128 | X_refsource_confirm | |
| https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013639 | X_refsource_confirm | |
| https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013681 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.ubuntu.com/usn/USN-1475-1 | 2020-01-08 | |
| http://www.ubuntu.com/usn/USN-1477-1 | 2020-01-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.0 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.2 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.2-0.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.2-0.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.10 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.11 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.11" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.12 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.12" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.13 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.13" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.14 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.14" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.15 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.15" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.15 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.15" | exp1 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.15 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.15" | exp2 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.15 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.15" | exp3 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.16 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.16" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.17 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.17" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.17 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.17" | exp1 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.17 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.17" | exp2 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.17 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.17" | exp3 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.17 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.17" | exp4 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.18 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.18" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.19 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.19" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.20 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.20" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.20.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.20.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.20.2 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.20.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.21 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.21" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.22 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.22" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.22.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.22.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.22.2 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.22.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.23 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.23" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.23.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.23.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.7.24 Search vendor "Debian" for product "Advanced Package Tool" and version "0.7.24" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.0 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.0 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.0" | pre1 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.0 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.0" | pre2 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.10 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.10.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.10.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.10.2 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.10.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.10.3 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.10.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.11 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.11" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.11.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.11.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.11.2 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.11.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.11.3 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.11.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.11.4 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.11.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.11.5 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.11.5" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.12 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.12" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.13 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.13" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.13.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.13.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.13.2 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.13.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.14 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.14" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.14.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.14.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.15 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.15" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.15 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.15" | exp1 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.15 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.15" | exp2 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.15 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.15" | exp3 |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.15.1 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.15.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.15.6 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.15.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.15.7 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.15.7" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.15.8 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.15.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.15.9 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.15.9" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 0.8.15.10 Search vendor "Debian" for product "Advanced Package Tool" and version "0.8.15.10" | - |
Affected
| ||||||