Description
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
References
- Patch, Third Party Advisory
- Release Notes, Vendor Advisory
- Third Party Advisory, VDB Entry
- Third Party Advisory
- Third Party Advisory, VDB Entry
- Third Party Advisory
- Patch
Vulnerable configurations
Configuration 1: version before 0.8.15.2 (excluding)
cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
EPSS
Percentile: 40%
0.00184
Low
4.3 Medium
CVSS2
Weaknesses
CWE-20
Related vulnerabilities
ubuntu
more than 14 years ago
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.
debian
more than 14 years ago
APT before 0.8.15.2 does not properly validate inline GPG signatures, ...
github
more than 3 years ago
APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.