CVE-2012-3587 - OpenCVE

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Advanced Package Tool

Configuration 1 [-]

OR	cpe:2.3:a:debian:advanced_package_tool:0.7.0:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.2:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.10:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.11:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.12:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.13:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.14:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.15:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1::::::
	cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2::::::
	cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3::::::
	cpe:2.3:a:debian:advanced_package_tool:0.7.16:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.17:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1::::::
	cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2::::::
	cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3::::::
	cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4::::::
	cpe:2.3:a:debian:advanced_package_tool:0.7.18:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.19:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.20:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.21:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.22:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.22.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.22.2:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.23:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.23.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.7.24:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.0:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre1::::::
	cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre2::::::
	cpe:2.3:a:debian:advanced_package_tool:0.8.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.10:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.10.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.10.2:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.10.3:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.11:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.11.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.11.2:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.11.3:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.11.4:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.11.5:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.12:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.13:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.13.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.13.2:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.14:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.14.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.15:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp1::::::
	cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp2::::::
	cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp3::::::
	cpe:2.3:a:debian:advanced_package_tool:0.8.15.1:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.15.6:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.15.7:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.15.8:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.15.9:::::::*
	cpe:2.3:a:debian:advanced_package_tool:0.8.15.10:::::::*

No data.

References

Link	Providers
http://seclists.org/fulldisclosure/2012/Jun/267
http://www.ubuntu.com/usn/USN-1475-1
http://www.ubuntu.com/usn/USN-1477-1
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-06-19T20:00:00Z

Updated: 2024-09-16T22:30:53.425Z

Reserved: 2012-06-19T00:00:00Z

Link: CVE-2012-3587

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2012-06-19T20:55:08.007

Modified: 2020-01-08T15:13:02.757

Link: CVE-2012-3587

Redhat

No data.

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object