CVE-2012-5356

The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
canonicalubuntu_software_properties
0.75.4
canonicalubuntu_software_properties
0.75.5
canonicalubuntu_software_properties
0.75.6
canonicalubuntu_software_properties
0.75.7
canonicalubuntu_software_properties
0.75.8
canonicalubuntu_software_properties
0.75.9
canonicalubuntu_software_properties
0.75.10
canonicalubuntu_software_properties
0.75.10.1
canonicalubuntu_software_properties
0.75.10.2
canonicalubuntu_software_properties
0.80
canonicalubuntu_software_properties
0.80.2
canonicalubuntu_software_properties
0.80.3
canonicalubuntu_software_properties
0.80.4
canonicalubuntu_software_properties
0.80.5
canonicalubuntu_software_properties
0.80.6
canonicalubuntu_software_properties
0.80.7
canonicalubuntu_software_properties
0.80.8
canonicalubuntu_software_properties
0.80.9
canonicalubuntu_software_properties
0.80.9.1
canonicalubuntu_software_properties
0.81
canonicalubuntu_software_properties
0.81.1
canonicalubuntu_software_properties
0.81.2
canonicalubuntu_software_properties
0.81.3
canonicalubuntu_software_properties
0.81.4
canonicalubuntu_software_properties
0.81.5
canonicalubuntu_software_properties
0.81.6
canonicalubuntu_software_properties
0.81.7
canonicalubuntu_software_properties
0.81.8
canonicalubuntu_software_properties
0.81.9
canonicalubuntu_software_properties
0.81.10
canonicalubuntu_software_properties
0.81.11
canonicalubuntu_software_properties
0.81.13
canonicalubuntu_software_properties
0.81.13.1
canonicalubuntu_software_properties
0.81.13.2
canonicalubuntu_software_properties
0.81.13.3
canonicalubuntu_software_properties
0.81.13.4
canonicalubuntu_software_properties
0.82
canonicalubuntu_software_properties
0.82.2
canonicalubuntu_software_properties
0.82.3
canonicalubuntu_software_properties
0.82.4
canonicalubuntu_software_properties
0.82.5
canonicalubuntu_software_properties
0.82.6
canonicalubuntu_software_properties
0.82.7
canonicalubuntu_software_properties
0.82.7.1
canonicalubuntu_software_properties
0.82.7.2
canonicalubuntu_software_properties
0.92
canonicalubuntu_software_properties
0.92.2
canonicalubuntu_software_properties
0.92.3
canonicalubuntu_software_properties
0.92.4
canonicalubuntu_software_properties
0.92.5
canonicalubuntu_software_properties
0.92.6
canonicalubuntu_software_properties
0.92.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
software-properties
precise
Fixed 0.82.7.3
released
oneiric
Fixed 0.81.13.5
released
natty
Fixed 0.80.9.2
released
lucid
Fixed 0.75.10.3
released
hardy
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/55736
http://www.ubuntu.com/usn/USN-1588-1
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643
https://exchange.xforce.ibmcloud.com/vulnerabilities/78990
http://www.securityfocus.com/bid/55736
http://www.ubuntu.com/usn/USN-1588-1
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643
https://exchange.xforce.ibmcloud.com/vulnerabilities/78990