cve-2012-3587
Vulnerability from cvelistv5
Published
2012-06-19 20:00
Modified
2024-09-16 22:30
Severity ?
Summary
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
References
cve@mitre.orghttp://seclists.org/fulldisclosure/2012/Jun/267
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1475-1
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1477-1
cve@mitre.orghttps://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2012/Jun/267
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1475-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1477-1
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:13:50.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20120612 Strange gpg key shadowing",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2012/Jun/267"
          },
          {
            "name": "USN-1477-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1477-1"
          },
          {
            "name": "USN-1475-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1475-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-06-19T20:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20120612 Strange gpg key shadowing",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2012/Jun/267"
        },
        {
          "name": "USN-1477-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1477-1"
        },
        {
          "name": "USN-1475-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1475-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-3587",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20120612 Strange gpg key shadowing",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2012/Jun/267"
            },
            {
              "name": "USN-1477-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1477-1"
            },
            {
              "name": "USN-1475-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1475-1"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128",
              "refsource": "CONFIRM",
              "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-3587",
    "datePublished": "2012-06-19T20:00:00Z",
    "dateReserved": "2012-06-19T00:00:00Z",
    "dateUpdated": "2024-09-16T22:30:53.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2372DE68-69A3-44B6-A42E-1C8EA272FAC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F846A10-711A-42A1-A71A-FB11D4B511F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E070DA8-E764-4C1B-BCDB-F15597ABE7AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCEE6BF2-3B33-41F7-84C4-626D1559FB24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BDAAE90-9BD4-4160-89D3-162561CB30BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBC7B0DD-F983-41DC-BB78-52FB53C044DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B832BF3E-A081-4708-8D54-C5BC827965E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31586872-C049-4125-B82A-FEA8B06FDF7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F377D69-4C1D-4D1A-96D9-B7724756CA3D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71851F90-85E4-4250-B9FB-320A33B04B58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6356166-F4D5-4B50-94AE-7A25803FFF38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D7D88AF-16B4-4C3F-AF7D-8773CB08BA01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F293909-BFDB-49A2-AF03-6ADACE195204\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E138D3A7-F289-4491-A24D-4DF2F179EAAB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.17:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19ED89FC-F907-4126-B969-625887306487\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F467E33-20AC-401C-AF1F-8F4BC0CB0C37\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"595406A6-DFD2-4E26-82C8-745E0AC0D6B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"4ED3DB0F-E9BF-4E23-8057-AACA17475C66\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"39A7A479-6225-43EA-B010-46EF4BC77E10\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.18:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EC4CC2E-7E68-4360-8360-B0463D9B6B79\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.19:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF988A0E-A630-40DD-9387-2C1610D2F932\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.20:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63E05BE6-9BDF-441E-873E-A4D965B3494F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EBE7EC9A-2E4D-4A60-AC88-F390F5B3432A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2257DAB-0A44-4841-9EF9-CBBF9BB68F40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.21:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47EDE750-C502-4B25-829D-D0C0F2653C19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"189E20DE-EEFB-488A-B741-4BC80CF553B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.22.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96D80D63-6971-4CC7-A9A8-D9D05767F60A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.22.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1186DDDE-FCF4-45B8-A7EA-2DAE8DA3F010\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58F88656-5BF9-4D51-9C37-26E9685484F9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.23.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AB74135-2BB7-42F7-99CB-AFF0B811B66A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.7.24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B025168-8319-45C2-82BC-97EBD5EE563E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58F0D8BF-F9D3-40D0-AD71-9978F2A1FD29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E82F9BF7-D4DD-4CF5-BE57-4772B7DDD5D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F4BC141-EEEB-4D0B-A3D4-24929855B685\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CA54D7A-9296-4530-8215-6EB708DDE2B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"04F345BE-745C-418D-BF0F-B7A5F1E3A5B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46799DD7-E46E-4EB2-AF13-852407384A5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C417AF8F-D12C-4759-B99D-C60E139B9946\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"225275E2-3E9E-48FE-A2FF-9FE37A67E550\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EA2183D-7D9E-4841-A1C9-B843AF3A03F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EAB3B8A-BDFA-4EDD-9A6D-F3CDE4977EDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.11.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A629D58-017D-4F27-B286-42094C727822\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9817661D-CACE-4D81-9432-2CDE5A51F4DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.11.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1A65066-5A1A-4091-9219-6060A662653D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.11.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAFCA592-F57F-4C12-A1F7-496BDFB2A4A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9793E4BB-5969-45DB-B9F6-29CB9C98D559\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7427F24E-D3CB-498E-8695-9FC40546CFA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70A8FE33-63BC-4145-A6CA-90A61CB81AC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08C018A3-012C-4790-9D09-36661549A6E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"406C6D95-53B7-4950-83C5-4C27E755F24A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0E56161-E80F-4EC4-9D1C-0FBCA672EEFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64C1D283-9326-4A6E-9529-BA8D26A36CE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1784FE65-DAE2-4E97-96A3-9A1835040245\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"6368BAB5-D44D-42B3-B5F7-E343E1101CDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2D3D5D9-97D1-44C6-B3BE-C9CFC1451FD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F5C252C-76F7-492F-AFFB-3BE2A63EE22E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.15.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"233F5902-0AF1-4417-8C97-34C9B64C09AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.15.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D613D7E-4456-4F47-9F13-F5D746F8715B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.15.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DBD6821-E6C3-4F76-89C9-19478D8EB13A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.15.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E7D4F82-45B9-4FC9-85C5-3F5E3966A243\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:debian:advanced_package_tool:0.8.15.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"475F9461-71F5-4E01-9399-E0413390A423\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.\"}, {\"lang\": \"es\", \"value\": \"APT v0.7.x antes de v0.7.25 y v0.8.x antes de v0.8.16, cuando se utiliza el apt-key net-update para importar archivos de claves, se basa en el orden de los argumentos GnuPG y no verifica subclaves GPG, lo que podr\\u00eda permitir a atacantes remotos instalar paquetes de caballos de troya a trav\\u00e9s de un ataque man-in-the-middle (MITM).\"}]",
      "id": "CVE-2012-3587",
      "lastModified": "2024-11-21T01:41:11.630",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:P/A:N\", \"baseScore\": 2.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 4.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-06-19T20:55:08.007",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2012/Jun/267\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1475-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1477-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2012/Jun/267\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1475-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1477-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-3587\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-06-19T20:55:08.007\",\"lastModified\":\"2024-11-21T01:41:11.630\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.\"},{\"lang\":\"es\",\"value\":\"APT v0.7.x antes de v0.7.25 y v0.8.x antes de v0.8.16, cuando se utiliza el apt-key net-update para importar archivos de claves, se basa en el orden de los argumentos GnuPG y no verifica subclaves GPG, lo que podr\u00eda permitir a atacantes remotos instalar paquetes de caballos de troya a trav\u00e9s de un ataque man-in-the-middle (MITM).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:P/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2372DE68-69A3-44B6-A42E-1C8EA272FAC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F846A10-711A-42A1-A71A-FB11D4B511F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E070DA8-E764-4C1B-BCDB-F15597ABE7AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCEE6BF2-3B33-41F7-84C4-626D1559FB24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BDAAE90-9BD4-4160-89D3-162561CB30BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBC7B0DD-F983-41DC-BB78-52FB53C044DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B832BF3E-A081-4708-8D54-C5BC827965E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31586872-C049-4125-B82A-FEA8B06FDF7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F377D69-4C1D-4D1A-96D9-B7724756CA3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71851F90-85E4-4250-B9FB-320A33B04B58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6356166-F4D5-4B50-94AE-7A25803FFF38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D7D88AF-16B4-4C3F-AF7D-8773CB08BA01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F293909-BFDB-49A2-AF03-6ADACE195204\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E138D3A7-F289-4491-A24D-4DF2F179EAAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19ED89FC-F907-4126-B969-625887306487\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F467E33-20AC-401C-AF1F-8F4BC0CB0C37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"595406A6-DFD2-4E26-82C8-745E0AC0D6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ED3DB0F-E9BF-4E23-8057-AACA17475C66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"39A7A479-6225-43EA-B010-46EF4BC77E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC4CC2E-7E68-4360-8360-B0463D9B6B79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF988A0E-A630-40DD-9387-2C1610D2F932\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E05BE6-9BDF-441E-873E-A4D965B3494F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBE7EC9A-2E4D-4A60-AC88-F390F5B3432A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2257DAB-0A44-4841-9EF9-CBBF9BB68F40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47EDE750-C502-4B25-829D-D0C0F2653C19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"189E20DE-EEFB-488A-B741-4BC80CF553B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.22.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96D80D63-6971-4CC7-A9A8-D9D05767F60A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.22.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1186DDDE-FCF4-45B8-A7EA-2DAE8DA3F010\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F88656-5BF9-4D51-9C37-26E9685484F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB74135-2BB7-42F7-99CB-AFF0B811B66A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.7.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B025168-8319-45C2-82BC-97EBD5EE563E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F0D8BF-F9D3-40D0-AD71-9978F2A1FD29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82F9BF7-D4DD-4CF5-BE57-4772B7DDD5D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F4BC141-EEEB-4D0B-A3D4-24929855B685\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CA54D7A-9296-4530-8215-6EB708DDE2B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04F345BE-745C-418D-BF0F-B7A5F1E3A5B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46799DD7-E46E-4EB2-AF13-852407384A5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C417AF8F-D12C-4759-B99D-C60E139B9946\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"225275E2-3E9E-48FE-A2FF-9FE37A67E550\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EA2183D-7D9E-4841-A1C9-B843AF3A03F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EAB3B8A-BDFA-4EDD-9A6D-F3CDE4977EDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A629D58-017D-4F27-B286-42094C727822\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9817661D-CACE-4D81-9432-2CDE5A51F4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1A65066-5A1A-4091-9219-6060A662653D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAFCA592-F57F-4C12-A1F7-496BDFB2A4A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9793E4BB-5969-45DB-B9F6-29CB9C98D559\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7427F24E-D3CB-498E-8695-9FC40546CFA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70A8FE33-63BC-4145-A6CA-90A61CB81AC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08C018A3-012C-4790-9D09-36661549A6E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"406C6D95-53B7-4950-83C5-4C27E755F24A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0E56161-E80F-4EC4-9D1C-0FBCA672EEFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64C1D283-9326-4A6E-9529-BA8D26A36CE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1784FE65-DAE2-4E97-96A3-9A1835040245\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6368BAB5-D44D-42B3-B5F7-E343E1101CDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2D3D5D9-97D1-44C6-B3BE-C9CFC1451FD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F5C252C-76F7-492F-AFFB-3BE2A63EE22E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.15.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"233F5902-0AF1-4417-8C97-34C9B64C09AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.15.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D613D7E-4456-4F47-9F13-F5D746F8715B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.15.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DBD6821-E6C3-4F76-89C9-19478D8EB13A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.15.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E7D4F82-45B9-4FC9-85C5-3F5E3966A243\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:advanced_package_tool:0.8.15.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"475F9461-71F5-4E01-9399-E0413390A423\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2012/Jun/267\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1475-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1477-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2012/Jun/267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1475-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1477-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.