All the vulnerabilities related to debian - apt
Vulnerability from fkie_nvd
Published
2014-10-15 14:55
Modified
2024-11-21 02:16
Severity: LOW (CVSS v2.0 base score 3.6, vector AV:L/AC:L/Au:N/C:N/I:P/A:P)
Summary
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "EDAC8B26-1346-4622-8BFB-2AF7A1BEDD8E", "versionEndIncluding": "1.0.9.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E70C7BF1-F191-40F2-8247-916F1AB07FB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto3:*:*:*:*:*:*", "matchCriteriaId": "06A404D3-1A48-4AAE-A2C7-399F84D35C05", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto4:*:*:*:*:*:*", "matchCriteriaId": "4BC51119-7345-4065-8BB6-74F641E4E152", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto5:*:*:*:*:*:*", "matchCriteriaId": "43493B4D-F0AE-4B7A-8729-2DFC5FF30F00", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:1.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "0041B2D4-89F7-4A48-9026-779E7DDC0763", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file." }, { "lang": "es", "value": "El comando \u0027changelog\u0027 en Apt anterior a 1.0.9.2 permite a usuarios locales escribir ficheros arbitrarios a trav\u00e9s de un ataque de enlaces simb\u00f3licos en el fichero \u0027changelog\u0027." 
} ], "id": "CVE-2014-7206", "lastModified": "2024-11-21T02:16:32.430", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-10-15T14:55:09.073", "references": [ { "source": "security@debian.org", "url": "http://secunia.com/advisories/61158" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/61333" }, { "source": "security@debian.org", "url": "http://secunia.com/advisories/61768" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3048" }, { "source": "security@debian.org", "url": "http://www.securityfocus.com/bid/70310" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2370-1" }, { "source": "security@debian.org", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" }, { "source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61768" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/bid/70310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2370-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-21 23:30
Modified
2024-11-21 01:02
Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C)
Summary
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5915EA2-9710-4CCC-A16A-EABD1D34A9C3", "versionEndIncluding": "0.7.20", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2372DE68-69A3-44B6-A42E-1C8EA272FAC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F846A10-711A-42A1-A71A-FB11D4B511F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E070DA8-E764-4C1B-BCDB-F15597ABE7AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCEE6BF2-3B33-41F7-84C4-626D1559FB24", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "1BDAAE90-9BD4-4160-89D3-162561CB30BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "CBC7B0DD-F983-41DC-BB78-52FB53C044DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "B832BF3E-A081-4708-8D54-C5BC827965E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "31586872-C049-4125-B82A-FEA8B06FDF7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "2F377D69-4C1D-4D1A-96D9-B7724756CA3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "71851F90-85E4-4250-B9FB-320A33B04B58", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:*", "matchCriteriaId": "C6356166-F4D5-4B50-94AE-7A25803FFF38", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:*", "matchCriteriaId": "0D7D88AF-16B4-4C3F-AF7D-8773CB08BA01", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:*", "matchCriteriaId": "5F293909-BFDB-49A2-AF03-6ADACE195204", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "E138D3A7-F289-4491-A24D-4DF2F179EAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "19ED89FC-F907-4126-B969-625887306487", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1:*:*:*:*:*:*", "matchCriteriaId": "0F467E33-20AC-401C-AF1F-8F4BC0CB0C37", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:*:*:*:*:*:*", "matchCriteriaId": "595406A6-DFD2-4E26-82C8-745E0AC0D6B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:*:*:*:*:*:*", "matchCriteriaId": "4ED3DB0F-E9BF-4E23-8057-AACA17475C66", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:*:*:*:*:*:*", "matchCriteriaId": "39A7A479-6225-43EA-B010-46EF4BC77E10", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "9EC4CC2E-7E68-4360-8360-B0463D9B6B79", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "BF988A0E-A630-40DD-9387-2C1610D2F932", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBE7EC9A-2E4D-4A60-AC88-F390F5B3432A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2257DAB-0A44-4841-9EF9-CBBF9BB68F40", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": 
"47EDE750-C502-4B25-829D-D0C0F2653C19", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E67027C4-0C37-4715-9EE6-BBE71C8A4CD5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "63D7BB47-916D-40AB-9B6C-DBBCB8CC8F56", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "862E6716-C665-43E9-9245-E0FABC095CD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "63B043A4-EC4C-4A30-ABA3-CE63934C06CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FBD74BC2-9B95-4E0E-B7A9-62C97464443A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "15861FDD-ED4A-4407-B7DF-6AAC25C3AC7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "05D0D36A-F149-4733-BC75-B6EF39FD9C3D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "10450117-95E5-43EF-8BAE-56D403C27E0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "E5B1CAB4-EF19-419E-AE59-950F4C64CAAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "27DC4956-E0D1-451C-AECA-6C5629DD1A54", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "DB54FAC9-4300-4C91-98A8-7AA075B68E07", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "9B5ED2CB-2603-42BE-A067-738E76E52687", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "181924A3-71DD-46A2-BAD4-6D4734DDD541", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.13-bo1:*:*:*:*:*:*:*", "matchCriteriaId": "4955663F-A699-428D-9995-21ED69331F84", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "DB91513D-3AEB-440E-BDD2-8D2FE1D6AD08", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "1410E630-2E45-4AC0-B5F9-96839957C8A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.15-0.1bo:*:*:*:*:*:*:*", "matchCriteriaId": "98AC38E9-FBFE-4972-80FA-D7F5D9169B72", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.15-0.2bo:*:*:*:*:*:*:*", "matchCriteriaId": "78C6533A-C6DA-4E45-BB5F-44B7C4ADEA8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.16-1:*:*:*:*:*:*:*", "matchCriteriaId": "9EF482CC-3A0A-4178-9ADD-57C8BFD5050E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.0.17-1:*:*:*:*:*:*:*", "matchCriteriaId": "DB97D09E-80A1-4819-8496-AA5D4BCB9189", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C3229262-E656-46EB-8880-B24F73C90509", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "81B47A64-8339-4A26-8AF5-D8CE90293F46", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D3D5E1D8-EC66-495D-BBBC-78D535635F59", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "2593C2F6-54E2-4311-B0A6-6E5E80B99A2E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E18DAF1F-2FFA-4C12-93A4-5417C5C25E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "B8A2315F-0591-4CB7-AFD1-ADC8BF1C87FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "6C5ED765-9C72-4334-91E0-4BB0A15381DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "185A3B86-2261-488F-B1CA-03E9B42D94DC", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:debian:apt:0.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "9C98BE1A-0B65-44CD-ABDC-7CAA5D595797", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B883322-F944-4FFC-B9D8-B1C289EA6C42", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "1EC159F3-A216-45B8-A547-174ABABC953B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "56E1C9D0-5CDB-4DB2-A757-FCA31D1D591F", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "E6D9BFD0-E308-44E8-A7C7-4699A2510A7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "72875923-4ACB-4B08-B52F-D9BA45CA8D1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.9:*:*:*:*:*:*:*", "matchCriteriaId": "4EE3B58F-BD33-452A-BD4D-D0D023E1F8E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.11:*:*:*:*:*:*:*", "matchCriteriaId": "86F2E2D4-CDEA-4D26-869A-C32C97A53D79", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.12:*:*:*:*:*:*:*", "matchCriteriaId": "015691AF-BFD4-4ED0-873A-5D23F9194D58", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.13:*:*:*:*:*:*:*", "matchCriteriaId": "699D019F-2924-4AE5-A833-92E46BA4AF7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.14:*:*:*:*:*:*:*", "matchCriteriaId": "9FD22F86-65A4-4B63-AEA3-77CD2DEF589B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.15:*:*:*:*:*:*:*", "matchCriteriaId": "3A8FF5D4-493B-42DE-8DAA-BF6BDE3B5B9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.16:*:*:*:*:*:*:*", "matchCriteriaId": "CF5AF288-9358-40BF-9A71-99C983713F06", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.17:*:*:*:*:*:*:*", "matchCriteriaId": "7995C830-651D-46E9-AE53-2D73CB1575A6", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:apt:0.3.18:*:*:*:*:*:*:*", "matchCriteriaId": "F31AEB78-1DA5-4583-B865-1F74C0DE364E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.3.19:*:*:*:*:*:*:*", "matchCriteriaId": "D3A64810-DB07-4600-9968-052703A01B56", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C6B0F899-EF61-4B2B-81A3-932D5B8786EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "5CCF1902-FD1C-4AA2-86BE-1374A5677C82", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "32B29CF3-9B80-4626-9785-73446E3DA300", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "F384C461-0A0B-4A3A-A944-51C7282CE6C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "4BB2D223-5C72-4728-8628-C692E59155DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "3776D2F0-5551-4B0D-B5B6-A6306E1052CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "FE504A04-16EA-421F-A01E-FCCAFC9D2971", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "F68E822C-189B-4F90-8D06-92E1E64E1C85", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "AAA1B686-013D-44A2-A9D5-52D913C28236", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "C1C7B1EB-B9B6-4E04-A14B-A7ADAF282EC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "863AD8F9-1BC2-4CCE-962D-C9E77FD5C61E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "7529570E-6563-4A7D-A493-A557583481AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.11:*:*:*:*:*:*:*", 
"matchCriteriaId": "D4ECE94E-D866-435A-A54C-B6B90E8149E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.12:*:*:*:*:*:*:*", "matchCriteriaId": "CD1D9284-EEF8-49B6-AAD1-826695148720", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "3C391EB0-E875-4B9E-BF0A-285B91961EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.14:*:*:*:*:*:*:*", "matchCriteriaId": "44311E97-AF64-4181-A52F-9F66F9F250C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "D98750AF-DCD0-4B5F-82E2-911FB3F72BBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "3C0D02B8-2DC4-4ECD-B846-EEEF13BFA026", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "5A25EFC1-758B-4F81-A07B-10807674D94C", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "9E9C27EE-F6AA-400B-AFDE-6AFD5988685E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.19:*:*:*:*:*:*:*", "matchCriteriaId": "6473F0E9-C55E-4687-B57C-5A2B9CA5DF96", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.20:*:*:*:*:*:*:*", "matchCriteriaId": "5CFA4C36-68E3-4586-B715-86FCC0C934FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.21:*:*:*:*:*:*:*", "matchCriteriaId": "AED45163-C060-4884-90D6-32DCCB3FC907", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.22:*:*:*:*:*:*:*", "matchCriteriaId": "4E5643C7-7519-4C86-A962-541057765FE8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.23:*:*:*:*:*:*:*", "matchCriteriaId": "D5A8669B-1746-439D-B592-BFD9FDCAF384", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.24:*:*:*:*:*:*:*", "matchCriteriaId": "17F14B17-32E2-420A-99F5-E5E4729D73AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.25:*:*:*:*:*:*:*", "matchCriteriaId": 
"F3A0ED4A-58FB-4F7B-AEF4-482AC4DDAFA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.26:*:*:*:*:*:*:*", "matchCriteriaId": "F11B9294-7C52-4E64-A8D8-F1A36A9B3AF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.27:*:*:*:*:*:*:*", "matchCriteriaId": "E9FBA9CD-AF6B-4EE8-A4D4-5ED9FEF560D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.28:*:*:*:*:*:*:*", "matchCriteriaId": "FD4BB811-8AFE-4ADC-9790-A72B64614FA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.29:*:*:*:*:*:*:*", "matchCriteriaId": "6D7CF6C2-B787-4DB3-AF77-B69C25ED94E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.30:*:*:*:*:*:*:*", "matchCriteriaId": "F9B478DB-912F-4563-A058-C4671BA8D0E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.30:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "B061E3B1-9865-4730-BB64-5B727C28B6EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.30:ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "A4FCC9BF-91E0-4E51-B071-A4A80C3D50E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.31:*:*:*:*:*:*:*", "matchCriteriaId": "EB5A7027-0C72-4C98-A20F-F176D2CA783C", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.5.32:*:*:*:*:*:*:*", "matchCriteriaId": "9128231B-2EE4-49CE-93BB-E1569F997C6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBD12618-EADC-4C62-9844-B13D42F48873", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D3BAFCE-3B0F-46C5-A0F3-FA10795F94C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "83E6EE25-34B0-44A7-9E0B-85420BA23A86", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EBBC666-27DA-482D-AEFF-2158965A9A49", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"3B130388-E8CD-48E6-BBB3-9555CDF41ED6", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "46311A8F-B75F-497B-8B9D-3912437BC300", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "AD5FAC29-BDBC-44A4-9B3A-54D335D66315", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "D4606D3C-3956-4028-9B3C-38D89E5C3732", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "1631B320-1ADA-4D92-889A-27802AA289CB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "0A32DEA0-0410-4D7F-8B20-35B76B8542B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "6AD2BF13-3509-449D-BCD7-626DA16E333C", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "8931C487-7B01-46B4-AAC7-959E286D796A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "5D1DD0BF-6581-4269-90E3-D7FD14ACC542", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "C379EA2E-90F0-4B2E-8F6F-B2DA7259CD3F", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "C1CF91FC-A3B4-4507-A225-49A27EE451EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "D9962509-53B4-402E-AA1E-77C7C5D54452", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "65345737-6DD6-4971-8A24-209C6EFBEC38", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "7DDAC7AC-A0FB-4B0F-9DF9-BAA1C6C2E224", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "4CDE8307-9EBB-461D-8802-516599DD3D19", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.19:*:*:*:*:*:*:*", "matchCriteriaId": "4CA4BEB2-98AE-4834-BD6C-7E41EA0F08E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.20:*:*:*:*:*:*:*", "matchCriteriaId": "66EFD81E-7B6B-48C2-B8A2-B803C1347EBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.21:*:*:*:*:*:*:*", "matchCriteriaId": "BA7F566F-700E-411D-B0C7-CF9BC30FAD89", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.22:*:*:*:*:*:*:*", "matchCriteriaId": "AB94CAF2-2C59-43D5-A5BE-BAE3D44B94D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.23:*:*:*:*:*:*:*", "matchCriteriaId": "7550CF30-596C-4C46-9928-99D1F091982B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.24:*:*:*:*:*:*:*", "matchCriteriaId": "4D74FEBE-5BA7-4907-ADBE-21BC4A73F2B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.25:*:*:*:*:*:*:*", "matchCriteriaId": "08025BA8-8DB2-4A63-BE31-4BC7626CF247", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.27:*:*:*:*:*:*:*", "matchCriteriaId": "C33D9E60-633B-48A9-AC9D-FDDB6FF39440", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.27:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "C745117D-546B-451F-9839-2AA56AC10AC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.27:ubuntu2:*:*:*:*:*:*", "matchCriteriaId": "7A29168F-B7BD-460E-91D7-143B243BC2AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.27:ubuntu3:*:*:*:*:*:*", "matchCriteriaId": "ED3AB78A-864E-4F5A-827B-F0AFD503F22F", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.27:ubuntu4:*:*:*:*:*:*", "matchCriteriaId": "AB2659B2-7D6B-4FB8-A941-DD313544ED15", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.28:*:*:*:*:*:*:*", "matchCriteriaId": "1ADA767C-A9C7-4592-9633-54EB71F07793", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.29:*:*:*:*:*:*:*", "matchCriteriaId": "F063F513-7F04-49B9-BCAA-69261841B8AF", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.30:*:*:*:*:*:*:*", "matchCriteriaId": "4751E4B9-B89F-49D4-8E72-534AEFE57F56", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.31:*:*:*:*:*:*:*", "matchCriteriaId": "BC64ABF1-F116-4510-B279-84C28405D809", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.32:*:*:*:*:*:*:*", "matchCriteriaId": "1686258C-4378-47BA-9811-8B6863FAF1A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.33:*:*:*:*:*:*:*", "matchCriteriaId": "B3BD2A6B-A393-4435-9958-2A01DEE48DDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.34:*:*:*:*:*:*:*", "matchCriteriaId": "9CE7BEE8-10F8-4735-A204-738AAA0C3038", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.35:*:*:*:*:*:*:*", "matchCriteriaId": "CA66AB92-12CA-4B8D-8BAB-7DA45A4EF9A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.36:*:*:*:*:*:*:*", "matchCriteriaId": "BC226131-5C53-4829-B125-AFB8111A3774", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.36:ubuntu1:*:*:*:*:*:*", "matchCriteriaId": "DE6C9C14-C804-47F1-97CE-CA2FF3287DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.37:*:*:*:*:*:*:*", "matchCriteriaId": "ED3454FE-522A-42C0-8CA7-21AE8EAC9437", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.38:*:*:*:*:*:*:*", "matchCriteriaId": "15B6CBB7-4870-4A82-9B6A-30A34EA54E5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.39:*:*:*:*:*:*:*", "matchCriteriaId": "346E9720-D787-4BE7-9F33-D5FFE30C7B96", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.40:*:*:*:*:*:*:*", "matchCriteriaId": "78B0FB1A-48C0-4455-9109-7A8F60B99DD9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.40.1:*:*:*:*:*:*:*", "matchCriteriaId": "3D6CCB50-D360-4AB2-90D5-C3FCF506D31C", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.41:*:*:*:*:*:*:*", "matchCriteriaId": "BD0E1794-C19A-4779-8CD5-C10DA67F6DCC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:apt:0.6.42:*:*:*:*:*:*:*", "matchCriteriaId": "61AF9067-3A57-41C3-A326-19A2A1FC5291", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.42.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BD24204-9DE1-498B-8CF7-23234B3DC517", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.42.2:*:*:*:*:*:*:*", "matchCriteriaId": "411547FE-D995-488F-A07D-018FFB4DCF44", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.42.3:*:*:*:*:*:*:*", "matchCriteriaId": "D748634E-B7D1-4E1F-8951-E5B1FC64D9B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.43:*:*:*:*:*:*:*", "matchCriteriaId": "A75E5219-4BC1-45CE-A225-21C2C3E3D212", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.43.1:*:*:*:*:*:*:*", "matchCriteriaId": "40B1D550-8384-40EC-827C-2433E3BA71CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.43.2:*:*:*:*:*:*:*", "matchCriteriaId": "7D705912-ADE8-4BF6-B367-AB1699E17B05", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.43.3:*:*:*:*:*:*:*", "matchCriteriaId": "0C709AC5-2A55-4917-AD18-3E313A9B3F69", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.44:*:*:*:*:*:*:*", "matchCriteriaId": "913E6EE4-D94B-4B0D-8F5C-637CD23ABBD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.44.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF26A78B-E7B7-481D-9C0F-888E322CF7FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.44.1-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "43BB1F89-B225-49B8-922F-AA93404D9102", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.44.2:*:*:*:*:*:*:*", "matchCriteriaId": "C482A979-497D-40D0-A606-21B2E1803BF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.44.2:exp1:*:*:*:*:*:*", "matchCriteriaId": "E923935B-F81D-4BC5-9C01-06612159C07B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.45:*:*:*:*:*:*:*", "matchCriteriaId": "18A6960B-7B34-43D8-8E86-F2E6FCA91E43", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:debian:apt:0.6.46:*:*:*:*:*:*:*", "matchCriteriaId": "EBFF6B94-521C-4B51-8F60-9CEF723978C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FFEBB7C-4E56-4A92-BFD3-8D10E739B457", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F2764CB-AE41-4435-A459-9227B6E670B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.3:*:*:*:*:*:*:*", "matchCriteriaId": "E28D5396-5378-46D3-A46A-CC77A02A6ABD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.3-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AAAA97B2-1072-4080-A341-64C00DAED664", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.3-0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C6BEB024-66AD-4B5A-A61E-82543767400E", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.6.46.4-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A77824A3-F70D-4AA2-93D3-7BE6E6A12616", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "5E5D42EE-C68F-4BCC-AF01-5AE9EF107DF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E1DB0DE2-C967-4DCA-A3B4-2F235371993B", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "5CA862B0-D7DB-44D7-A669-66357DC46AFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "1464B59B-72A7-4328-A6BA-D60153C226AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "CB3B7EBB-BDE5-4091-8FE5-05965656912F", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "48005163-3A91-4F5D-B2E5-9A7B691713C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "335B661E-7912-4E16-B6B2-18A111C23D1C", "vulnerable": true } ], "negate": false, "operator": "OR" 
} ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories." }, { "lang": "es", "value": "apt-get in apt anterior a 0.7.21 no comprueba adecuadamente el error de codigo en gpgv, lo que hace que apt utilice un repositorio firmado con una clave que ha sido revocada o ha caducado, lo que permite a atacantes remotos enga\u00f1ar a apt en la instlacion de repositorios maliciosos." } ], "id": "CVE-2009-1358", "lastModified": "2024-11-21T01:02:16.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-21T23:30:00.217", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34829" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34832" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34874" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1779" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34630" }, { "source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/762-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34874" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1779" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/762-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-12-26 22:55
Modified
2024-11-21 01:36
Severity ?
Summary
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| debian | advanced_package_tool | 0.8.16 |
| debian | apt | 0.9.7 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "36B518E8-B14B-4DC2-9437-3E69108BA40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "FC20104F-BDF2-4C4F-A99E-014CE23187FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file." }, { "lang": "es", "value": "Apt v0.8.16~exp5ubuntu13.x antes de v0.8.16~exp5ubuntu13.6, v0.8.16~exp12ubuntu10.x antes de v0.8.16v0.8.16~exp12ubuntu10.7 y v0.9.7.5ubuntu5.x antes de v0.9.7.5ubuntu5.2, tal y como se usa en Ubuntu, usa permisos de lectura para todo el mundo en /var/log/apt/term.log lo que permite a usuarios locales obtener informaci\u00f3n sensible de la shell leyendo el archivo de registro.\r\n" } ], "id": "CVE-2012-0961", "lastModified": "2024-11-21T01:36:03.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-26T22:55:02.847", "references": [ { "source": "security@ubuntu.com", "url": "http://osvdb.org/88380" }, { "source": "security@ubuntu.com", "tags": 
[ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51568" }, { "source": "security@ubuntu.com", "url": "http://www.securityfocus.com/bid/56917" }, { "source": "security@ubuntu.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1662-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/88380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51568" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.ubuntu.com/usn/USN-1662-1" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-05-15 14:15
Modified
2024-11-21 05:31
Severity ?
Summary
Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| debian | apt | * |
| debian | debian_linux | 9.0 |
| debian | debian_linux | 10.0 |
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 20.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:apt:*:*:*:*:*:*:*:*", "matchCriteriaId": "56E3943E-AA71-4AA6-BA3E-6C153E4572B9", "versionEndExcluding": "2.1.2", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files." 
}, { "lang": "es", "value": "Una falta de comprobaci\u00f3n de entrada en las implementaciones de ar/tar de APT versiones anteriores a 2.1.2, podr\u00eda resultar en una denegaci\u00f3n de servicio al procesar archivos deb especialmente dise\u00f1ados" } ], "id": "CVE-2020-3810", "lastModified": "2024-11-21T05:31:47.133", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-05-15T14:15:11.887", "references": [ { "source": "security@debian.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/bugs/1878177" }, { "source": "security@debian.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Debian/apt/issues/111" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.debian.org/debian-security-announce/2020/msg00089.html" }, { "source": "security@debian.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/" }, { "source": "security@debian.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6" }, { "source": "security@debian.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4359-1/" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4359-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugs.launchpad.net/bugs/1878177" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Debian/apt/issues/111" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.debian.org/debian-security-announce/2020/msg00089.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/4359-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], 
"url": "https://usn.ubuntu.com/4359-2/" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-21 17:55
Modified
2024-11-21 01:48
Severity ?
Summary
apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| debian | advanced_package_tool | 0.8.16 |
| debian | apt | 0.9.7 |
| canonical | ubuntu_linux | 11.10 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 12.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.16:*:*:*:*:*:*:*", "matchCriteriaId": "36B518E8-B14B-4DC2-9437-3E69108BA40A", "vulnerable": true }, { "criteria": "cpe:2.3:a:debian:apt:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "FC20104F-BDF2-4C4F-A99E-014CE23187FE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories." }, { "lang": "es", "value": "apt v0.8.16, v0.9.7 y posiblemente otras versiones no trata correctamente los archivos InRelease, lo que permite man-in-the-middle atacantes para modificar los paquetes antes de la instalaci\u00f3n a trav\u00e9s de vectores desconocidos, posiblemente relacionadas con la comprobaci\u00f3n de la integridad y el uso de terceros repositorios del partido." 
} ], "evaluatorImpact": "Per http://www.ubuntu.com/usn/USN-1762-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\nUbuntu 12.10\r\nUbuntu 12.04 LTS\r\nUbuntu 11.10\r\n\"", "id": "CVE-2013-1051", "lastModified": "2024-11-21T01:48:49.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-03-21T17:55:01.070", "references": [ { "source": "security@ubuntu.com", "url": "http://osvdb.org/91428" }, { "source": "security@ubuntu.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52633" }, { "source": "security@ubuntu.com", "url": "http://www.ubuntu.com/usn/USN-1762-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/91428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1762-1" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2012-0961
Vulnerability from cvelistv5
Published
2012-12-26 22:00
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/56917 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/51568 | third-party-advisory, x_refsource_SECUNIA |
| http://www.ubuntu.com/usn/USN-1662-1 | vendor-advisory, x_refsource_UBUNTU |
| http://osvdb.org/88380 | vdb-entry, x_refsource_OSVDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:45:25.988Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "56917", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56917" }, { "name": "51568", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51568" }, { "name": "USN-1662-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1662-1" }, { "name": "88380", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/88380" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-12-26T22:00:00Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "56917", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56917" }, { "name": "51568", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51568" }, { "name": "USN-1662-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1662-1" }, { "name": "88380", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/88380" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2012-0961", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "56917", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56917" }, { "name": "51568", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51568" }, { "name": "USN-1662-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1662-1" }, { "name": "88380", "refsource": "OSVDB", "url": "http://osvdb.org/88380" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2012-0961", "datePublished": "2012-12-26T22:00:00Z", "dateReserved": "2012-02-01T00:00:00Z", "dateUpdated": "2024-09-16T17:28:35.582Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-7206
Vulnerability from cvelistv5
Published
2014-10-15 14:00
Modified
2024-08-06 12:40
Severity ?
EPSS score ?
Summary
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/61333 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2014/dsa-3048 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/61768 | third-party-advisory, x_refsource_SECUNIA |
| http://secunia.com/advisories/61158 | third-party-advisory, x_refsource_SECUNIA |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/70310 | vdb-entry, x_refsource_BID |
| http://www.ubuntu.com/usn/USN-2370-1 | vendor-advisory, x_refsource_UBUNTU |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96951 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:40:19.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "61333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61333" }, { "name": "DSA-3048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3048" }, { "name": "61768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61768" }, { "name": "61158", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61158" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" }, { "name": "70310", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70310" }, { "name": "USN-2370-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2370-1" }, { "name": "apt-cve20147206-symlink(96951)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-07T15:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "61333", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61333" }, { "name": "DSA-3048", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3048" }, { "name": "61768", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61768" }, { "name": "61158", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61158" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" }, { "name": "70310", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70310" }, { "name": "USN-2370-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2370-1" }, { "name": "apt-cve20147206-symlink(96951)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-7206", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "61333", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61333" }, { "name": "DSA-3048", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3048" }, { "name": "61768", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61768" }, { "name": "61158", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61158" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780" }, { "name": "70310", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70310" }, { "name": "USN-2370-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2370-1" }, { "name": "apt-cve20147206-symlink(96951)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96951" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-7206", "datePublished": "2014-10-15T14:00:00", "dateReserved": "2014-09-27T00:00:00", "dateUpdated": "2024-08-06T12:40:19.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1358
Vulnerability from cvelistv5
Published
2009-04-21 23:00
Modified
2024-08-07 05:13
Severity ?
EPSS score ?
Summary
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
References
| URL | Tags |
|---|---|
| http://secunia.com/advisories/34874 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2009/dsa-1779 | vendor-advisory, x_refsource_DEBIAN |
| http://secunia.com/advisories/34829 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/34630 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/34832 | third-party-advisory, x_refsource_SECUNIA |
| https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012 | x_refsource_CONFIRM |
| https://usn.ubuntu.com/762-1/ | vendor-advisory, x_refsource_UBUNTU |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50086 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:13:25.407Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "34874", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34874" }, { "name": "DSA-1779", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1779" }, { "name": "34829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34829" }, { "name": "34630", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34630" }, { "name": "34832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34832" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012" }, { "name": "USN-762-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/762-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091" }, { "name": "apt-aptget-gpgv-security-bypass(50086)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-17T00:00:00", "descriptions": [ { "lang": "en", "value": "apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "34874", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34874" }, { "name": "DSA-1779", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1779" }, { "name": "34829", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34829" }, { "name": "34630", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34630" }, { "name": "34832", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34832" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012" }, { "name": "USN-762-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/762-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091" }, { "name": "apt-aptget-gpgv-security-bypass(50086)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1358", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that 
has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "34874", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34874" }, { "name": "DSA-1779", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1779" }, { "name": "34829", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34829" }, { "name": "34630", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34630" }, { "name": "34832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34832" }, { "name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012" }, { "name": "USN-762-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/762-1/" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091" }, { "name": "apt-aptget-gpgv-security-bypass(50086)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50086" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1358", "datePublished": "2009-04-21T23:00:00", "dateReserved": "2009-04-21T00:00:00", "dateUpdated": "2024-08-07T05:13:25.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-3810
Vulnerability from cvelistv5
Published
2020-05-15 13:42
Modified
2024-09-17 01:01
Summary
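Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. The CNA record below classifies the flaw as an out-of-bounds read in the .ar/.tar implementations and names Debian advisory DSA-4685 (https://www.debian.org/security/2020/dsa-4685) as its source.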
References
| URL | Tags |
|---|---|
| https://github.com/Debian/apt/issues/111 | x_refsource_MISC |
| https://bugs.launchpad.net/bugs/1878177 | x_refsource_MISC |
| https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6 | x_refsource_MISC |
| https://lists.debian.org/debian-security-announce/2020/msg00089.html | x_refsource_MISC |
| https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/ | x_refsource_MISC |
| https://usn.ubuntu.com/4359-1/ | vendor-advisory, x_refsource_UBUNTU |
| https://usn.ubuntu.com/4359-2/ | vendor-advisory, x_refsource_UBUNTU |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:44:51.170Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Debian/apt/issues/111" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/bugs/1878177" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.debian.org/debian-security-announce/2020/msg00089.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/" }, { "name": "USN-4359-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4359-1/" }, { "name": "USN-4359-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4359-2/" }, { "name": "FEDORA-2020-f03cfe3df5", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "apt", "vendor": "Debian", "versions": [ { "status": "affected", "version": "before 2.1.2" } ] } ], "datePublic": "2020-05-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files." 
} ], "problemTypes": [ { "descriptions": [ { "description": "apt out-of-bounds read in .ar/.tar implemations", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-19T02:06:08", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Debian/apt/issues/111" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/bugs/1878177" }, { "tags": [ "x_refsource_MISC" ], "url": "https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.debian.org/debian-security-announce/2020/msg00089.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/" }, { "name": "USN-4359-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4359-1/" }, { "name": "USN-4359-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4359-2/" }, { "name": "FEDORA-2020-f03cfe3df5", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/" } ], "source": { "advisory": "https://www.debian.org/security/2020/dsa-4685", "discovery": "EXTERNAL" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "DATE_PUBLIC": "2020-05-14T00:00:00.000Z", "ID": "CVE-2020-3810", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "apt", "version": { "version_data": [ { "version_value": "before 2.1.2" } ] } } ] }, "vendor_name": "Debian" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Missing input validation in the ar/tar implementations of APT before 
version 2.1.2 could result in denial of service when processing specially crafted deb files." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "apt out-of-bounds read in .ar/.tar implemations" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Debian/apt/issues/111", "refsource": "MISC", "url": "https://github.com/Debian/apt/issues/111" }, { "name": "https://bugs.launchpad.net/bugs/1878177", "refsource": "MISC", "url": "https://bugs.launchpad.net/bugs/1878177" }, { "name": "https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6", "refsource": "MISC", "url": "https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6" }, { "name": "https://lists.debian.org/debian-security-announce/2020/msg00089.html", "refsource": "MISC", "url": "https://lists.debian.org/debian-security-announce/2020/msg00089.html" }, { "name": "https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/", "refsource": "MISC", "url": "https://tracker.debian.org/news/1144109/accepted-apt-212-source-into-unstable/" }, { "name": "USN-4359-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4359-1/" }, { "name": "USN-4359-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4359-2/" }, { "name": "FEDORA-2020-f03cfe3df5", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4PEH357MZM2SUGKETMEHMSGQS652QHH/" } ] }, "source": { "advisory": "https://www.debian.org/security/2020/dsa-4685", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2020-3810", "datePublished": "2020-05-15T13:42:05.044214Z", "dateReserved": "2019-12-17T00:00:00", "dateUpdated": "2024-09-17T01:01:33.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1051
Vulnerability from cvelistv5
Published
2013-03-21 17:00
Modified
2024-09-17 02:47
Summary
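apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. The structured product, vendor and version fields in the record below are all "n/a", so the affected versions are stated only in this description and in the linked advisories.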
References
| URL | Tags |
|---|---|
| http://osvdb.org/91428 | vdb-entry, x_refsource_OSVDB |
| http://www.ubuntu.com/usn/USN-1762-1 | vendor-advisory, x_refsource_UBUNTU |
| http://secunia.com/advisories/52633 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:49:20.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "91428", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/91428" }, { "name": "USN-1762-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1762-1" }, { "name": "52633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52633" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-03-21T17:00:00Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "91428", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/91428" }, { "name": "USN-1762-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1762-1" }, { "name": "52633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52633" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2013-1051", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "91428", "refsource": "OSVDB", "url": "http://osvdb.org/91428" }, { "name": "USN-1762-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1762-1" }, { "name": "52633", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52633" } ] } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2013-1051", "datePublished": "2013-03-21T17:00:00Z", "dateReserved": "2013-01-11T00:00:00Z", "dateUpdated": "2024-09-17T02:47:34.049Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }