CVE-2019-15795

Published Mar 26, 2020
Last updated 5 years ago
CVSS medium 4.7
Overview

Description: python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.
Source: security@ubuntu.com
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 4.7
Impact score: 2.7
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-327
security@ubuntu.com: CWE-327
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.0:ubuntu9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8023A14-4ECA-4A75-8171-26709D2D3792"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.1:ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EF9A385-956B-472C-A679-A3FE4AC00592"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8875AAE-0C17-4D78-AFE4-6BB22EB77954"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A863CCB4-564A-4B48-B848-BDD4136E6344"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C8E5FCA-385C-417C-99F5-D567561FF726"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9007120A-79E2-40BB-AF85-7D3A5BA12D57"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17342A94-F344-48F4-AF01-C8D9787A026F"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF594C79-79DF-4347-A032-D9E33BE17D56"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4ABCF70B-DCD4-4D2A-830D-4BE9E4E0CC20"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu7.1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED043341-3D12-4BAD-B064-1FD31BD94EBF"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu7.2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B68421C7-67B0-418E-A1F4-D202AF56A074"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.3:ubuntu7.3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85D25189-5488-4C05-A187-CBD57F0BFB6B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9412B9A-6972-4250-98C6-2D24FD3CA870"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.8.9.1:ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8F30079-BCC5-4764-BA0B-B788054D4A1C"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BECDB14E-DCF8-40E6-9A69-DD4B33689481"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FCC5B74-E260-4420-BA69-52D931D0816A"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.1:build1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78BD7CBD-B1A5-4998-A356-96B6EBB69884"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.1:build2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E022EBAC-22FD-4174-BD9C-FDC8C59B4EA9"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.1:ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76BB9D6E-960E-441B-9BE6-A91871F8BF2B"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95AAB90A-99D3-42B7-AC6D-F292F5DC338D"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78EFED05-114B-4ACC-ACE7-4862FF3CEF21"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.2:ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "492F2102-1B12-49BA-ACAD-811896D6D41C"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.2:ubuntu2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7B9C782-B85D-40B0-9B2D-3A0E0717124F"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBE95FDD-1DD6-4EE1-BBDB-466286246D34"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.3:ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BED15761-D52F-4DFA-B311-5E83C098CA92"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA6E2809-0168-40ED-8E6D-11EFEAD691E7"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.4:build1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17F79D9B-B0E4-4DE3-B56E-8C0DB7D11B06"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE723A31-105B-4B7A-BD36-39F66F2D328A"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "420F0F94-6271-46B6-A764-F80734025924"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4FBFE40A-1CFD-421F-9EB1-78A655CB4D18"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:0.9.3.5:ubuntu3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "365D175D-306D-4FF2-9AFC-6E61C5EC4894"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.0.1:build1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13651D35-2210-459D-ACF9-24098BA9FA94"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.0.1:ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CABE1D3B-3CF8-4CEE-AD4B-A763041E06C0"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.0.1:ubuntu2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77EB9A5F-D8DA-497F-BF0E-A59859C7866D"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E64022C-0775-4DD2-9B57-490EE4E5147C"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1build1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09B3C47B-8C39-454E-9604-61EFF6F271E3"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84D6B098-CDA0-489A-A0F2-9E30398ACFCD"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC1A8478-5D50-4574-8ED5-D4DC1617128C"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02ED67EF-AD26-44D9-966E-7F2EFACA98FD"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EF37D60-DF9C-494D-9E99-CAF2688D2709"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.1.0:beta1ubuntu0.16.04.5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF4CF123-0348-4DBA-87AC-8C02CB6C560A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:python-apt:1.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14C28F87-5F9F-4DC6-A690-0CFDDD3C4345"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C32BE0B-1346-4ED3-8A80-4AA6EE2FD44B"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.4.0:beta3build2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "223E48D6-EFD6-43CC-8A57-3FBE61007B43"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.4.0:beta3ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "276A516B-F419-4922-AD3D-089D894B75EE"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A174B38B-D155-4D1D-82CC-B62380F68D33"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8692D74-6D5C-4606-BB15-7ADF95E22171"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.0:rc2ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C96734E-FB35-4525-B69F-00BB8F210459"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.0:rc2ubuntu2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4B4B6D1-9399-4EA1-B4CE-82E1148E9894"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3781605F-02A1-40CC-9D02-E2140B1B3064"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E05CF21E-EACE-4B18-9180-03B0983F95AD"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "307ECCEB-8E55-49FC-B44F-319BC07F0A05"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C00B937-3F2A-4E3C-8C09-ECF01662A05B"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.3:ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE4A7E7B-C520-4B56-A802-96DBE153284C"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5290F1FF-D143-4B10-BE1A-3BBC17D42A6F"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE146221-82F3-4CDE-A713-6A3FA6742F71"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE146221-82F3-4CDE-A713-6A3FA6742F71"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.9.0:alpha0\\~ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A20E9163-0590-44C8-81EF-DE999F9D504A"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.9.0:alpha0\\~ubuntu2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F84F347-CBD7-4E07-AF93-997E7C6569CF"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.9.0:ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACA89794-91C5-48BD-AF40-971D892717EC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5C41C59-4955-42D5-8724-A67D8DA7B9E3"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "163726B0-4A4F-4F7E-9A48-06BEFC29DC6F"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.0:alpha0\\~ubuntu1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BC6ADE4-D2AB-424F-A63D-57840016D6F2"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.0:alpha0\\~ubuntu2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BBD93FF-57C9-488E-8C11-CFA8EC1C5345"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C378E5B-9AF4-436C-BAE6-1A009F5D490E"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6726FF84-F4DF-47A9-910B-9288D57A22BA"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAC0AE27-85A4-4F6C-80E3-08A6B45F267C"
          },
          {
            "criteria": "cpe:2.3:a:ubuntu:python-apt:1.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE146221-82F3-4CDE-A713-6A3FA6742F71"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
