CVE-2012-0962

Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
sebastian_heinleinaptdaemon
0.43
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
aptdaemon
quantal
not-affected
precise
Fixed 0.43+bzr805-0ubuntu7
released
oneiric
Fixed 0.43+bzr697-0ubuntu1.3
released
lucid
not-affected
hardy
dne
References
http://secunia.com/advisories/51627
http://www.securityfocus.com/bid/56959
http://www.securitytracker.com/id?1027891
http://www.ubuntu.com/usn/USN-1666-1
https://bugs.launchpad.net/software-center-agent/%2Bbug/1052789
http://secunia.com/advisories/51627
http://www.securityfocus.com/bid/56959
http://www.securitytracker.com/id?1027891
http://www.ubuntu.com/usn/USN-1666-1
https://bugs.launchpad.net/software-center-agent/%2Bbug/1052789