CVE-2012-0944

EUVD-2012-0967
Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 64%
Affected Products (NVD)
VendorProductVersion
sebastian_heinleinaptdaemon
𝑥
≤ 0.42
sebastian_heinleinaptdaemon
0.20
sebastian_heinleinaptdaemon
0.30
sebastian_heinleinaptdaemon
0.31
sebastian_heinleinaptdaemon
0.32
sebastian_heinleinaptdaemon
0.33
sebastian_heinleinaptdaemon
0.34
sebastian_heinleinaptdaemon
0.40
sebastian_heinleinaptdaemon
0.41
canonicalubuntu_linux
11.04
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04:lts
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
aptdaemon
hardy
dne
lucid
not-affected
maverick
not-affected
natty
Fixed 0.41+bzr661-0ubuntu0.2
released
oneiric
Fixed 0.43+bzr697-0ubuntu1.2
released
Common Weakness Enumeration
References
http://secunia.com/advisories/48688
http://ubuntu.com/usn/usn-1414-1
http://www.osvdb.org/80887
http://www.securityfocus.com/bid/52855
https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131
https://exchange.xforce.ibmcloud.com/vulnerabilities/74553
http://secunia.com/advisories/48688
http://ubuntu.com/usn/usn-1414-1
http://www.osvdb.org/80887
http://www.securityfocus.com/bid/52855
https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131
https://exchange.xforce.ibmcloud.com/vulnerabilities/74553