Vulnerability Description
Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sebastian Heinlein | Aptdaemon | 0.43 |
| Canonical | Ubuntu Linux | 11.10 |
References
- http://secunia.com/advisories/51627Vendor Advisory
- http://www.securityfocus.com/bid/56959
- http://www.securitytracker.com/id?1027891Patch
- http://www.ubuntu.com/usn/USN-1666-1Patch
- https://bugs.launchpad.net/software-center-agent/%2Bbug/1052789
- http://secunia.com/advisories/51627Vendor Advisory
- http://www.securityfocus.com/bid/56959
- http://www.securitytracker.com/id?1027891Patch
- http://www.ubuntu.com/usn/USN-1666-1Patch
- https://bugs.launchpad.net/software-center-agent/%2Bbug/1052789
FAQ
What is CVE-2012-0962?
CVE-2012-0962 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-th...
How severe is CVE-2012-0962?
CVE-2012-0962 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0962?
Check the references section above for vendor advisories and patch information. Affected products include: Sebastian Heinlein Aptdaemon, Canonical Ubuntu Linux.