CVE-2011-3374 - OpenCVE

It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Advanced Package Tool Debian Linux

Configuration 1 [-]

cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

No data.

References

Link	Providers
https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-11-25T23:13:02

Updated: 2024-08-06T23:29:56.887Z

Reserved: 2011-08-30T00:00:00

Link: CVE-2011-3374

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-26T00:15:11.030

Modified: 2021-02-09T16:08:18.683

Link: CVE-2011-3374

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "apt", "vendor": "apt", "versions": [{"status": "affected", "version": "All versions"}]}], "descriptions": [{"lang": "en", "value": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-02-04T12:30:35", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2011-3374"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"}, {"tags": ["x_refsource_MISC"], "url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/fulldisclosure/2011/Sep/221"}, {"tags": ["x_refsource_MISC"], "url": "https://ubuntu.com/security/CVE-2011-3374"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3374", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "apt", "version": {"version_data": [{"version_value": "All versions"}]}}]}, "vendor_name": "apt"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Other"}]}]}, "references": {"reference_data": [{"name": "https://security-tracker.debian.org/tracker/CVE-2011-3374", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"}, {"name": "https://access.redhat.com/security/cve/cve-2011-3374", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2011-3374"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"}, {"name": "https://snyk.io/vuln/SNYK-LINUX-APT-116518", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"}, {"name": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html", "refsource": "MISC", "url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"}, {"name": "https://seclists.org/fulldisclosure/2011/Sep/221", "refsource": "MISC", "url": "https://seclists.org/fulldisclosure/2011/Sep/221"}, {"name": "https://ubuntu.com/security/CVE-2011-3374", "refsource": "MISC", "url": "https://ubuntu.com/security/CVE-2011-3374"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:29:56.887Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2011-3374"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/fulldisclosure/2011/Sep/221"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ubuntu.com/security/CVE-2011-3374"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3374", "datePublished": "2019-11-25T23:13:02", "dateReserved": "2011-08-30T00:00:00", "dateUpdated": "2024-08-06T23:29:56.887Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*", "matchCriteriaId": "0DCF96F5-95F7-4E18-994D-98D3CD0F7E6E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."}, {"lang": "es", "value": "Se encontr\u00f3 que apt-key en apt, todas las versiones, no comprueban correctamente las claves gpg con el llavero maestro, lo que conlleva a un potencial ataque de tipo man-in-the-middle."}], "id": "CVE-2011-3374", "lastModified": "2021-02-09T16:08:18.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-26T00:15:11.030", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://access.redhat.com/security/cve/cve-2011-3374"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://seclists.org/fulldisclosure/2011/Sep/221"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3374"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://snyk.io/vuln/SNYK-LINUX-APT-116518"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://ubuntu.com/security/CVE-2011-3374"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}