Man-in-the-Middle Vulnerability in Aptdaemon for Ubuntu
CVE-2012-0962

Currently unrated

Key Information:

Vendor: Canonical
Status: Ubuntu Linux; Aptdaemon
Vendor: CVE Published:; 26 December 2012

Summary

The Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS utilizes short identifiers when importing GPG keys from PPA keyservers. This design flaw allows attackers to intercept and manipulate communications, making it possible for them to inject malicious GPG keys. This can lead to the installation of unauthorized package repositories, compromising the integrity and security of the affected system.

References

http://secunia.com/advisories/51627

third-party-advisoryx_refsource_SECUNIA

https://bugs.launchpad.net/software-center-agent/%2Bbug/1...

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-1666-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 26, 2012