CVE-2012-5356

EUVD-2012-5277
The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_software_properties
0.75.4
canonicalubuntu_software_properties
0.75.5
canonicalubuntu_software_properties
0.75.6
canonicalubuntu_software_properties
0.75.7
canonicalubuntu_software_properties
0.75.8
canonicalubuntu_software_properties
0.75.9
canonicalubuntu_software_properties
0.75.10
canonicalubuntu_software_properties
0.75.10.1
canonicalubuntu_software_properties
0.75.10.2
canonicalubuntu_software_properties
0.80
canonicalubuntu_software_properties
0.80.2
canonicalubuntu_software_properties
0.80.3
canonicalubuntu_software_properties
0.80.4
canonicalubuntu_software_properties
0.80.5
canonicalubuntu_software_properties
0.80.6
canonicalubuntu_software_properties
0.80.7
canonicalubuntu_software_properties
0.80.8
canonicalubuntu_software_properties
0.80.9
canonicalubuntu_software_properties
0.80.9.1
canonicalubuntu_software_properties
0.81
canonicalubuntu_software_properties
0.81.1
canonicalubuntu_software_properties
0.81.2
canonicalubuntu_software_properties
0.81.3
canonicalubuntu_software_properties
0.81.4
canonicalubuntu_software_properties
0.81.5
canonicalubuntu_software_properties
0.81.6
canonicalubuntu_software_properties
0.81.7
canonicalubuntu_software_properties
0.81.8
canonicalubuntu_software_properties
0.81.9
canonicalubuntu_software_properties
0.81.10
canonicalubuntu_software_properties
0.81.11
canonicalubuntu_software_properties
0.81.13
canonicalubuntu_software_properties
0.81.13.1
canonicalubuntu_software_properties
0.81.13.2
canonicalubuntu_software_properties
0.81.13.3
canonicalubuntu_software_properties
0.81.13.4
canonicalubuntu_software_properties
0.82
canonicalubuntu_software_properties
0.82.2
canonicalubuntu_software_properties
0.82.3
canonicalubuntu_software_properties
0.82.4
canonicalubuntu_software_properties
0.82.5
canonicalubuntu_software_properties
0.82.6
canonicalubuntu_software_properties
0.82.7
canonicalubuntu_software_properties
0.82.7.1
canonicalubuntu_software_properties
0.82.7.2
canonicalubuntu_software_properties
0.92
canonicalubuntu_software_properties
0.92.2
canonicalubuntu_software_properties
0.92.3
canonicalubuntu_software_properties
0.92.4
canonicalubuntu_software_properties
0.92.5
canonicalubuntu_software_properties
0.92.6
canonicalubuntu_software_properties
0.92.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
software-properties
hardy
ignored
lucid
Fixed 0.75.10.3
released
natty
Fixed 0.80.9.2
released
oneiric
Fixed 0.81.13.5
released
precise
Fixed 0.82.7.3
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/55736
http://www.ubuntu.com/usn/USN-1588-1
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643
https://exchange.xforce.ibmcloud.com/vulnerabilities/78990
http://www.securityfocus.com/bid/55736
http://www.ubuntu.com/usn/USN-1588-1
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643
https://exchange.xforce.ibmcloud.com/vulnerabilities/78990