CVE-2012-3587

EUVD-2012-3534
APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 2.6 UNKNOWN | NETWORK | HIGH | | AV:N/AC:H/Au:N/C:N/I:P/A:N |
EPSS Score percentile: 36%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| debian | advanced_package_tool | 0.7.0 |
| debian | advanced_package_tool | 0.7.1 |
| debian | advanced_package_tool | 0.7.2 |
| debian | advanced_package_tool | 0.7.2-0.1 |
| debian | advanced_package_tool | 0.7.10 |
| debian | advanced_package_tool | 0.7.11 |
| debian | advanced_package_tool | 0.7.12 |
| debian | advanced_package_tool | 0.7.13 |
| debian | advanced_package_tool | 0.7.14 |
| debian | advanced_package_tool | 0.7.15 |
| debian | advanced_package_tool | 0.7.15:exp1 |
| debian | advanced_package_tool | 0.7.15:exp2 |
| debian | advanced_package_tool | 0.7.15:exp3 |
| debian | advanced_package_tool | 0.7.16 |
| debian | advanced_package_tool | 0.7.17 |
| debian | advanced_package_tool | 0.7.17:exp1 |
| debian | advanced_package_tool | 0.7.17:exp2 |
| debian | advanced_package_tool | 0.7.17:exp3 |
| debian | advanced_package_tool | 0.7.17:exp4 |
| debian | advanced_package_tool | 0.7.18 |
| debian | advanced_package_tool | 0.7.19 |
| debian | advanced_package_tool | 0.7.20 |
| debian | advanced_package_tool | 0.7.20.1 |
| debian | advanced_package_tool | 0.7.20.2 |
| debian | advanced_package_tool | 0.7.21 |
| debian | advanced_package_tool | 0.7.22 |
| debian | advanced_package_tool | 0.7.22.1 |
| debian | advanced_package_tool | 0.7.22.2 |
| debian | advanced_package_tool | 0.7.23 |
| debian | advanced_package_tool | 0.7.23.1 |
| debian | advanced_package_tool | 0.7.24 |
| debian | advanced_package_tool | 0.8.0 |
| debian | advanced_package_tool | 0.8.0:pre1 |
| debian | advanced_package_tool | 0.8.0:pre2 |
| debian | advanced_package_tool | 0.8.1 |
| debian | advanced_package_tool | 0.8.10 |
| debian | advanced_package_tool | 0.8.10.1 |
| debian | advanced_package_tool | 0.8.10.2 |
| debian | advanced_package_tool | 0.8.10.3 |
| debian | advanced_package_tool | 0.8.11 |
| debian | advanced_package_tool | 0.8.11.1 |
| debian | advanced_package_tool | 0.8.11.2 |
| debian | advanced_package_tool | 0.8.11.3 |
| debian | advanced_package_tool | 0.8.11.4 |
| debian | advanced_package_tool | 0.8.11.5 |
| debian | advanced_package_tool | 0.8.12 |
| debian | advanced_package_tool | 0.8.13 |
| debian | advanced_package_tool | 0.8.13.1 |
| debian | advanced_package_tool | 0.8.13.2 |
| debian | advanced_package_tool | 0.8.14 |
| debian | advanced_package_tool | 0.8.14.1 |
| debian | advanced_package_tool | 0.8.15 |
| debian | advanced_package_tool | 0.8.15:exp1 |
| debian | advanced_package_tool | 0.8.15:exp2 |
| debian | advanced_package_tool | 0.8.15:exp3 |
| debian | advanced_package_tool | 0.8.15.1 |
| debian | advanced_package_tool | 0.8.15.6 |
| debian | advanced_package_tool | 0.8.15.7 |
| debian | advanced_package_tool | 0.8.15.8 |
| debian | advanced_package_tool | 0.8.15.9 |
| debian | advanced_package_tool | 0.8.15.10 |
Debian Releases
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| apt | bookworm | 2.6.1 | fixed |
| apt | bullseye | 2.2.4 | fixed |
| apt | sid | 2.9.10 | fixed |
| apt | trixie | 2.9.10 | fixed |
Ubuntu Releases
| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| apt | hardy | Fixed 0.7.9ubuntu17.6 | released |
| apt | lucid | Fixed 0.7.25.3ubuntu9.13 | released |
| apt | natty | Fixed 0.8.13.2ubuntu4.6 | released |
| apt | oneiric | Fixed 0.8.16~exp5ubuntu13.5 | released |
| apt | precise | Fixed 0.8.16~exp12ubuntu10.2 | released |