The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
21 Nov 2024, 01:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/55736 - | |
References | () http://www.ubuntu.com/usn/USN-1588-1 - | |
References | () https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/78990 - |
Information
Published : 2012-10-10 18:55
Updated : 2024-11-21 01:44
NVD link : CVE-2012-5356
Mitre link : CVE-2012-5356
CVE.ORG link : CVE-2012-5356
JSON object : View
Products Affected
canonical
- ubuntu_software_properties
CWE
CWE-20
Improper Input Validation