CVE-2012-0214

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
advanced_package_tooladvanced_package_tool
0.8.11
advanced_package_tooladvanced_package_tool
0.8.12
advanced_package_tooladvanced_package_tool
0.8.13
advanced_package_tooladvanced_package_tool
0.8.14
advanced_package_tooladvanced_package_tool
0.8.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apt
bullseye
2.2.4
fixed
squeeze
not-affected
lenny
not-affected
bookworm
2.6.1
fixed
sid
2.9.10
fixed
trixie
2.9.10
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apt
oneiric
Fixed 0.8.16~exp5ubuntu13.2
released
natty
Fixed 0.8.13.2ubuntu4.4
released
maverick
not-affected
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration
References
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6
http://www.ubuntu.com/usn/USN-1385-1
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6
http://www.ubuntu.com/usn/USN-1385-1