CVE-2012-0214

EUVD-2012-0251
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
advanced_package_tooladvanced_package_tool
0.8.11
advanced_package_tooladvanced_package_tool
0.8.12
advanced_package_tooladvanced_package_tool
0.8.13
advanced_package_tooladvanced_package_tool
0.8.14
advanced_package_tooladvanced_package_tool
0.8.15
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apt
bookworm
2.6.1
fixed
bullseye
2.2.4
fixed
lenny
not-affected
sid
2.9.10
fixed
squeeze
not-affected
trixie
2.9.10
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apt
hardy
not-affected
lucid
not-affected
maverick
not-affected
natty
Fixed 0.8.13.2ubuntu4.4
released
oneiric
Fixed 0.8.16~exp5ubuntu13.2
released
Common Weakness Enumeration
References
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6
http://www.ubuntu.com/usn/USN-1385-1
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6
http://www.ubuntu.com/usn/USN-1385-1