Man-in-the-Middle Vulnerability in APT Package Management Tool by Debian
CVE-2011-1829

Currently unrated

Key Information:

Vendor: Debian
Status: Advanced Package Tool
Vendor: CVE Published:; 27 July 2011

Summary

The vulnerability in APT versions prior to 0.8.15.2 is due to improper validation of inline GPG signatures, enabling man-in-the-middle attackers to install modified packages. This occurs through scenarios that involve the absence of an initial clearsigned message, potentially compromising the integrity of the packages and the overall system security.

References

http://packages.debian.org/changelogs/pool/main/a/apt/cur...

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-1169-1

vendor-advisoryx_refsource_UBUNTU

https://launchpad.net/ubuntu/+archive/primary/+sourcepub/...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 27, 2011
Vulnerability Reserved
Apr 27, 2011