CVE-2013-1051

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
VendorProductVersion
debianadvanced_package_tool
0.8.16
debianapt
0.9.7
canonicalubuntu_linux
11.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
12.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
apt
bullseye
2.2.4
fixed
squeeze
not-affected
bookworm
2.6.1
fixed
sid
2.9.10
fixed
trixie
2.9.10
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
apt
quantal
Fixed 0.9.7.5ubuntu5.4
released
precise
Fixed 0.8.16~exp12ubuntu10.10
released
oneiric
Fixed 0.8.16~exp5ubuntu13.7
released
lucid
not-affected
hardy
not-affected
Common Weakness Enumeration
References
http://osvdb.org/91428
http://secunia.com/advisories/52633
http://www.ubuntu.com/usn/USN-1762-1
http://osvdb.org/91428
http://secunia.com/advisories/52633
http://www.ubuntu.com/usn/USN-1762-1