Security Flaw in APT Package Manager by Ubuntu Affects Key Management
CVE-2012-3587

Currently unrated

Key Information:

Vendor
Debian
CVE Published:
19 June 2012

Summary

APT versions prior to 0.7.25 and 0.8.16 handle GnuPG argument order improperly and fail to verify GPG subkeys when the apt-key net-update command is used to import keyrings. An attacker in a man-in-the-middle (MITM) position can exploit this weakness, potentially installing malicious packages disguised as legitimate software.
