← Retour aux CVEs
CVE-2012-0214
N/ADescription
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.
Details CVE
Score CVSS v3.1N/A
Publie4/15/2014
Derniere modification4/12/2025
Sourcenvd
Observations honeypot0
Produits affectes
advanced_package_tool:advanced_package_tool
Faiblesses (CWE)
CWE-264
References
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92(security@debian.org)
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6(security@debian.org)
http://www.ubuntu.com/usn/USN-1385-1(security@debian.org)
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=b7a6594d1e5ed199a7a472b78b33e070375d6f92(af854a3a-2127-422b-91ae-364da2661108)
http://anonscm.debian.org/gitweb/?p=apt/apt.git%3Ba=commitdiff%3Bh=de498a528cd6fc36c4bb22bf8dec6558e21cc9b6(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1385-1(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.