CVE-2012-0944

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

Published: Jun 4, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-0944
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
sebastian_heinlein / aptdaemon	-	0.42.x
canonical / ubuntu_linux	12.04-lts	12.04-lts.x
sebastian_heinlein / aptdaemon	0.32	0.32.x
canonical / ubuntu_linux	11.04	11.04.x
sebastian_heinlein / aptdaemon	0.20	0.20.x
sebastian_heinlein / aptdaemon	0.41	0.41.x
sebastian_heinlein / aptdaemon	0.30	0.30.x
canonical / ubuntu_linux	11.10	11.10.x
sebastian_heinlein / aptdaemon	0.33	0.33.x
sebastian_heinlein / aptdaemon	0.40	0.40.x
sebastian_heinlein / aptdaemon	0.34	0.34.x
sebastian_heinlein / aptdaemon	0.31	0.31.x

http://secunia.com/advisories/48688
http://ubuntu.com/usn/usn-1414-1
http://www.osvdb.org/80887
http://www.securityfocus.com/bid/52855
https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131
https://exchange.xforce.ibmcloud.com/vulnerabilities/74553

Vulnerability Database

CVE-2012-0944