Vulnerability Description
The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
CVSS Score
5.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Software Properties | 0.75.4 |
References
- http://www.securityfocus.com/bid/55736
- http://www.ubuntu.com/usn/USN-1588-1
- https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78990
FAQ
What is CVE-2012-5356?
CVE-2012-5356 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly c...
How severe is CVE-2012-5356?
CVE-2012-5356 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5356?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Software Properties.