CVE-2012-0944

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.
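
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| canonical | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
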
EPSS Score Percentile: 63%

| Vendor | Product | Version |
|---|---|---|
| sebastian_heinlein | aptdaemon | 𝑥 ≤ 0.42 |
| sebastian_heinlein | aptdaemon | 0.20 |
| sebastian_heinlein | aptdaemon | 0.30 |
| sebastian_heinlein | aptdaemon | 0.31 |
| sebastian_heinlein | aptdaemon | 0.32 |
| sebastian_heinlein | aptdaemon | 0.33 |
| sebastian_heinlein | aptdaemon | 0.34 |
| sebastian_heinlein | aptdaemon | 0.40 |
| sebastian_heinlein | aptdaemon | 0.41 |
| canonical | ubuntu_linux | 11.04 |
| canonical | ubuntu_linux | 11.10 |
| canonical | ubuntu_linux | 12.04:lts |

𝑥 = Vulnerable software versions
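
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| aptdaemon | oneiric | Fixed 0.43+bzr697-0ubuntu1.2 (released) |
| aptdaemon | natty | Fixed 0.41+bzr661-0ubuntu0.2 (released) |
| aptdaemon | maverick | not-affected |
| aptdaemon | lucid | not-affected |
| aptdaemon | hardy | dne |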