CVE-2012-0944

Published Jun 4, 2012

Last updated 7 years ago

Overview

Description: Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.
Source: security@ubuntu.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sebastian_heinlein:aptdaemon:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDA070A6-E888-45FA-A51C-5AAF94575186",
            "versionEndIncluding": "0.42"
          },
          {
            "criteria": "cpe:2.3:a:sebastian_heinlein:aptdaemon:0.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DC245C4-29B1-4932-B2AC-DD839AE73F80"
          },
          {
            "criteria": "cpe:2.3:a:sebastian_heinlein:aptdaemon:0.30:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF35FE2C-069A-4655-B89D-09E1D8A6AAA7"
          },
          {
            "criteria": "cpe:2.3:a:sebastian_heinlein:aptdaemon:0.31:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C17B1B89-B1F8-4033-8B55-4103D3B25055"
          },
          {
            "criteria": "cpe:2.3:a:sebastian_heinlein:aptdaemon:0.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12ADB378-57FF-4119-B366-70CD9404F021"
          },
          {
            "criteria": "cpe:2.3:a:sebastian_heinlein:aptdaemon:0.33:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "274F5887-CA53-4F3E-B4A1-4E47B9630452"
          },
          {
            "criteria": "cpe:2.3:a:sebastian_heinlein:aptdaemon:0.34:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DB11186-CA4D-48F6-8B55-91D3D7B8603A"
          },
          {
            "criteria": "cpe:2.3:a:sebastian_heinlein:aptdaemon:0.40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFBCA267-B4A8-4D72-AEB5-90E1CD811C80"
          },
          {
            "criteria": "cpe:2.3:a:sebastian_heinlein:aptdaemon:0.41:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C2B6B38-1636-4B5F-9D08-65F8F3C46D5B"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:lts:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7634053-30B3-4577-9B13-1782DD5B9762"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References