{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-09-17T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-1588-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1588-1"}, {"name": "55736", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/55736"}, {"name": "ubuntu-gpg-sec-bypass(78990)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5356", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-1588-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1588-1"}, {"name": "55736", "refsource": "BID", "url": "http://www.securityfocus.com/bid/55736"}, {"name": "ubuntu-gpg-sec-bypass(78990)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:46.870Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1588-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1588-1"}, {"name": "55736", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/55736"}, {"name": "ubuntu-gpg-sec-bypass(78990)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5356", "datePublished": "2012-10-10T18:00:00.000Z", "dateReserved": "2012-10-10T00:00:00.000Z", "dateUpdated": "2024-08-06T21:05:46.870Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.75.4:*:*:*:*:*:*:*", "matchCriteriaId": "184F2D0B-3DF4-4867-9E2A-0DC811B46EBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.75.5:*:*:*:*:*:*:*", "matchCriteriaId": "AFE15797-562D-47C8-8D69-65FC90FB948B", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.75.6:*:*:*:*:*:*:*", "matchCriteriaId": "2A97DA7A-B187-4215-84AD-3A318FDA5AB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.75.7:*:*:*:*:*:*:*", "matchCriteriaId": "DD55026D-31A1-4263-BD75-35CFD57B489B", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.75.8:*:*:*:*:*:*:*", "matchCriteriaId": "D6F55FBD-D960-40DB-9B35-59BD01A8F577", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.75.9:*:*:*:*:*:*:*", "matchCriteriaId": "17D82146-84C0-4ACB-9EB0-A9080C77D01E", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10:*:*:*:*:*:*:*", "matchCriteriaId": "555296EA-799C-4C74-9C1E-951B2A4312B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "13B0E0DC-E93E-4713-B021-FFECA62619AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "BB2E775F-157E-432C-8B69-FAABBE55879D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "B6797994-29C8-4805-81B0-559BB55EBC77", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.80.2:*:*:*:*:*:*:*", "matchCriteriaId": "966039CD-F163-4235-8E6F-B305A3A9099A", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.80.3:*:*:*:*:*:*:*", "matchCriteriaId": "A4B1C439-E7EB-4DAD-86FA-F644D4CED229", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.80.4:*:*:*:*:*:*:*", "matchCriteriaId": "5A886803-A0D4-4A18-B90E-651B8063B1B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.80.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5F42DEC-9473-4652-B8D3-A571E46C0136", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.80.6:*:*:*:*:*:*:*", "matchCriteriaId": "B211FDB5-20DE-41B4-BF79-F0811DF62F9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.80.7:*:*:*:*:*:*:*", "matchCriteriaId": "9D12A2FA-3D5D-4152-B939-C5D090BA371E", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.80.8:*:*:*:*:*:*:*", "matchCriteriaId": "6458D6AD-90B9-4F13-8270-48A47EB2EAA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.80.9:*:*:*:*:*:*:*", "matchCriteriaId": "F936FFDF-CD21-46A6-B42E-C0E536CD3A9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.80.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "88A902AF-FB25-4B10-BF6F-46DCC2FB060C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81:*:*:*:*:*:*:*", "matchCriteriaId": "A58F01C3-81C2-47DC-A66F-888E45158895", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.1:*:*:*:*:*:*:*", "matchCriteriaId": "BAC62A53-C315-4516-892F-F0CF7C598E49", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.2:*:*:*:*:*:*:*", "matchCriteriaId": "E72FD830-954B-4F14-9B59-86121269C392", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.3:*:*:*:*:*:*:*", "matchCriteriaId": "4E0203EF-7FD9-4D97-AC33-6977A38495C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.4:*:*:*:*:*:*:*", "matchCriteriaId": "836B0B0F-EA7B-4252-B0B2-8ABBEB1BACD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.5:*:*:*:*:*:*:*", "matchCriteriaId": "EEA06505-8088-443F-8A16-03B5B7459E05", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.6:*:*:*:*:*:*:*", "matchCriteriaId": "0C9DF802-D20B-4EFD-9397-67FC25B2317B", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.7:*:*:*:*:*:*:*", "matchCriteriaId": "E201F029-ED85-483F-A194-A65365D02156", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.8:*:*:*:*:*:*:*", "matchCriteriaId": "5D4EEE0C-BC05-42CC-A2BD-2CC238A344DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.9:*:*:*:*:*:*:*", "matchCriteriaId": "13FC087F-1AA1-45DC-978F-B066CA99F7B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.10:*:*:*:*:*:*:*", "matchCriteriaId": "0303AA5C-C83F-4D3E-A545-A438FF24C18E", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.11:*:*:*:*:*:*:*", "matchCriteriaId": "BEF14135-0B89-4428-9D91-4C097E6F5497", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13:*:*:*:*:*:*:*", "matchCriteriaId": "8047C0DE-D3B9-425B-8577-DDA870814B33", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "FDA5D81E-5195-41D7-AAE1-79AE77C167A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7CA5A01-94AD-46E5-BDC0-E1984D644CB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "5911C646-504F-4347-B3C4-7CAA352891D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "8196D7D1-C25C-4506-9A77-0BD547164450", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.82:*:*:*:*:*:*:*", "matchCriteriaId": "0F5CE606-E5CE-475A-8334-48017B2EF899", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.82.2:*:*:*:*:*:*:*", "matchCriteriaId": "ABB71F54-4B83-454E-A7BF-9A52B216FBB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.82.3:*:*:*:*:*:*:*", "matchCriteriaId": "C8F01FF0-F862-4823-B7EC-4138A69047B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.82.4:*:*:*:*:*:*:*", "matchCriteriaId": "4AD8700D-3EE2-4BA9-8C99-D871F98B26A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.82.5:*:*:*:*:*:*:*", "matchCriteriaId": "2F73A0D7-2AA2-4F18-BB68-4B39DE951FAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.82.6:*:*:*:*:*:*:*", "matchCriteriaId": "A4DC8A9E-2C1D-404B-BBF6-E5CE7A5204D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7:*:*:*:*:*:*:*", "matchCriteriaId": "ADC6A6AA-C090-4816-8AA3-A95C036FC203", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCE0CFE0-6F72-4C6E-B55C-A5931D2C4142", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "9E22A4E5-3CB2-49DB-BD12-764D00A6C379", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "0CCECD13-39EE-4AB4-AC40-3963FD8B80B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.92.2:*:*:*:*:*:*:*", "matchCriteriaId": "910B4E1F-1746-4902-BF42-1FCC2CA7E89D", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.92.3:*:*:*:*:*:*:*", "matchCriteriaId": "4DF85285-18BE-48D4-9A79-5999424DA5A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.92.4:*:*:*:*:*:*:*", "matchCriteriaId": "11743C71-8DEC-41F1-9E9F-A1C0323EF4C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.92.5:*:*:*:*:*:*:*", "matchCriteriaId": "541975D2-A4B9-44ED-AE37-FE525E5C2A94", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.92.6:*:*:*:*:*:*:*", "matchCriteriaId": "DCB55949-1DF4-4A4E-88B8-FBF78744D8A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:ubuntu_software_properties:0.92.7:*:*:*:*:*:*:*", "matchCriteriaId": "6C77BCD4-680F-4D6D-9B4B-523BBFC68930", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack."}, {"lang": "es", "value": "La herramienta apt-add-repository v0.75.x antes de v0.75.10.3, v0.80.x antes de v0.80.9.2, antes de v0.81.x antes de v0.81.13.5, v0.82.x antes de v0.82.7.3, y antes de v0.92.x antes de v0.92.8 no comprueba correctamente las llaves PPA GPG importadas desde el servidor de claves, lo que permite a atacantes remotos instalar llaves GPG arbitrarias de paquetes del repositorio mediante un ataque man-in-the-middle (MITM)."}], "id": "CVE-2012-5356", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-10-10T18:55:05.707", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/55736"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1588-1"}, {"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/55736"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1588-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}