CVE-2012-0944

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-0944

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

A

ptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

References
Link Resource
http://secunia.com/advisories/48688 Vendor Advisory
http://ubuntu.com/usn/usn-1414-1
http://www.osvdb.org/80887
http://www.securityfocus.com/bid/52855
https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131
https://exchange.xforce.ibmcloud.com/vulnerabilities/74553
http://secunia.com/advisories/48688 Vendor Advisory
http://ubuntu.com/usn/usn-1414-1
http://www.osvdb.org/80887
http://www.securityfocus.com/bid/52855
https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131
https://exchange.xforce.ibmcloud.com/vulnerabilities/74553
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sebastian_heinlein:aptdaemon:*:*:*:*:*:*:*:*
cpe:2.3:a:sebastian_heinlein:aptdaemon:0.20:*:*:*:*:*:*:*
cpe:2.3:a:sebastian_heinlein:aptdaemon:0.30:*:*:*:*:*:*:*
cpe:2.3:a:sebastian_heinlein:aptdaemon:0.31:*:*:*:*:*:*:*
cpe:2.3:a:sebastian_heinlein:aptdaemon:0.32:*:*:*:*:*:*:*
cpe:2.3:a:sebastian_heinlein:aptdaemon:0.33:*:*:*:*:*:*:*
cpe:2.3:a:sebastian_heinlein:aptdaemon:0.34:*:*:*:*:*:*:*
cpe:2.3:a:sebastian_heinlein:aptdaemon:0.40:*:*:*:*:*:*:*
cpe:2.3:a:sebastian_heinlein:aptdaemon:0.41:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:lts:*:*:*:*:*:*
History

21 Nov 2024, 01:36

Type Values Removed Values Added
References () http://secunia.com/advisories/48688 - Vendor Advisory () http://secunia.com/advisories/48688 - Vendor Advisory
References () http://ubuntu.com/usn/usn-1414-1 - () http://ubuntu.com/usn/usn-1414-1 -
References () http://www.osvdb.org/80887 - () http://www.osvdb.org/80887 -
References () http://www.securityfocus.com/bid/52855 - () http://www.securityfocus.com/bid/52855 -
References () https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131 - () https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/74553 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/74553 -
Information

Published : 2012-06-04 20:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-0944

Mitre link : CVE-2012-0944

CVE.ORG link : CVE-2012-0944

JSON object : View

Products Affected

canonical

sebastian_heinlein

CWE
CWE-287

Improper Authentication