Lucene search
HistoryApr 21, 2009 - 11:30 p.m.
CVE-2009-1358
cve-2009-1358
apt
repository
gpgv
security
nvd
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
AI Score
Confidence
Low
0.023 Low
EPSS
Percentile
89.7%
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
Affected configurations
Node
debianadvanced_package_toolRange≤0.7.20
ORdebianadvanced_package_toolMatch0.7.0
ORdebianadvanced_package_toolMatch0.7.1
ORdebianadvanced_package_toolMatch0.7.2
ORdebianadvanced_package_toolMatch0.7.2-0.1
ORdebianadvanced_package_toolMatch0.7.10
ORdebianadvanced_package_toolMatch0.7.11
ORdebianadvanced_package_toolMatch0.7.12
ORdebianadvanced_package_toolMatch0.7.13
ORdebianadvanced_package_toolMatch0.7.14
ORdebianadvanced_package_toolMatch0.7.15
ORdebianadvanced_package_toolMatch0.7.15exp1
ORdebianadvanced_package_toolMatch0.7.15exp2
ORdebianadvanced_package_toolMatch0.7.15exp3
ORdebianadvanced_package_toolMatch0.7.16
ORdebianadvanced_package_toolMatch0.7.17
ORdebianadvanced_package_toolMatch0.7.17exp1
ORdebianadvanced_package_toolMatch0.7.17exp2
ORdebianadvanced_package_toolMatch0.7.17exp3
ORdebianadvanced_package_toolMatch0.7.17exp4
ORdebianadvanced_package_toolMatch0.7.18
ORdebianadvanced_package_toolMatch0.7.19
ORdebianadvanced_package_toolMatch0.7.20.1
ORdebianadvanced_package_toolMatch0.7.20.2
ORdebianadvanced_package_toolMatch0.7.21
ORdebianaptMatch0.0.1
ORdebianaptMatch0.0.2
ORdebianaptMatch0.0.3
ORdebianaptMatch0.0.4
ORdebianaptMatch0.0.5
ORdebianaptMatch0.0.6
ORdebianaptMatch0.0.7
ORdebianaptMatch0.0.8
ORdebianaptMatch0.0.9
ORdebianaptMatch0.0.10
ORdebianaptMatch0.0.11
ORdebianaptMatch0.0.12
ORdebianaptMatch0.0.13
ORdebianaptMatch0.0.13-bo1
ORdebianaptMatch0.0.14
ORdebianaptMatch0.0.15
ORdebianaptMatch0.0.15-0.1bo
ORdebianaptMatch0.0.15-0.2bo
ORdebianaptMatch0.0.16-1
ORdebianaptMatch0.0.17-1
ORdebianaptMatch0.1
ORdebianaptMatch0.1.1
ORdebianaptMatch0.1.3
ORdebianaptMatch0.1.5
ORdebianaptMatch0.1.6
ORdebianaptMatch0.1.7
ORdebianaptMatch0.1.9
ORdebianaptMatch0.3.0
ORdebianaptMatch0.3.1
ORdebianaptMatch0.3.2
ORdebianaptMatch0.3.3
ORdebianaptMatch0.3.4
ORdebianaptMatch0.3.6
ORdebianaptMatch0.3.7
ORdebianaptMatch0.3.9
ORdebianaptMatch0.3.11
ORdebianaptMatch0.3.12
ORdebianaptMatch0.3.13
ORdebianaptMatch0.3.14
ORdebianaptMatch0.3.15
ORdebianaptMatch0.3.16
ORdebianaptMatch0.3.17
ORdebianaptMatch0.3.18
ORdebianaptMatch0.3.19
ORdebianaptMatch0.5.0
ORdebianaptMatch0.5.1
ORdebianaptMatch0.5.2
ORdebianaptMatch0.5.3
ORdebianaptMatch0.5.4
ORdebianaptMatch0.5.5
ORdebianaptMatch0.5.5.1
ORdebianaptMatch0.5.6
ORdebianaptMatch0.5.7
ORdebianaptMatch0.5.8
ORdebianaptMatch0.5.9
ORdebianaptMatch0.5.10
ORdebianaptMatch0.5.11
ORdebianaptMatch0.5.12
ORdebianaptMatch0.5.13
ORdebianaptMatch0.5.14
ORdebianaptMatch0.5.15
ORdebianaptMatch0.5.16
ORdebianaptMatch0.5.17
ORdebianaptMatch0.5.18
ORdebianaptMatch0.5.19
ORdebianaptMatch0.5.20
ORdebianaptMatch0.5.21
ORdebianaptMatch0.5.22
ORdebianaptMatch0.5.23
ORdebianaptMatch0.5.24
ORdebianaptMatch0.5.25
ORdebianaptMatch0.5.26
ORdebianaptMatch0.5.27
ORdebianaptMatch0.5.28
ORdebianaptMatch0.5.29
ORdebianaptMatch0.5.30
ORdebianaptMatch0.5.30ubuntu1
ORdebianaptMatch0.5.30ubuntu2
ORdebianaptMatch0.5.31
ORdebianaptMatch0.5.32
ORdebianaptMatch0.6.0
ORdebianaptMatch0.6.1
ORdebianaptMatch0.6.2
ORdebianaptMatch0.6.3
ORdebianaptMatch0.6.4
ORdebianaptMatch0.6.5
ORdebianaptMatch0.6.6
ORdebianaptMatch0.6.7
ORdebianaptMatch0.6.8
ORdebianaptMatch0.6.9
ORdebianaptMatch0.6.10
ORdebianaptMatch0.6.11
ORdebianaptMatch0.6.12
ORdebianaptMatch0.6.13
ORdebianaptMatch0.6.14
ORdebianaptMatch0.6.15
ORdebianaptMatch0.6.16
ORdebianaptMatch0.6.17
ORdebianaptMatch0.6.18
ORdebianaptMatch0.6.19
ORdebianaptMatch0.6.20
ORdebianaptMatch0.6.21
ORdebianaptMatch0.6.22
ORdebianaptMatch0.6.23
ORdebianaptMatch0.6.24
ORdebianaptMatch0.6.25
ORdebianaptMatch0.6.27
ORdebianaptMatch0.6.27ubuntu1
ORdebianaptMatch0.6.27ubuntu2
ORdebianaptMatch0.6.27ubuntu3
ORdebianaptMatch0.6.27ubuntu4
ORdebianaptMatch0.6.28
ORdebianaptMatch0.6.29
ORdebianaptMatch0.6.30
ORdebianaptMatch0.6.31
ORdebianaptMatch0.6.32
ORdebianaptMatch0.6.33
ORdebianaptMatch0.6.34
ORdebianaptMatch0.6.35
ORdebianaptMatch0.6.36
ORdebianaptMatch0.6.36ubuntu1
ORdebianaptMatch0.6.37
ORdebianaptMatch0.6.38
ORdebianaptMatch0.6.39
ORdebianaptMatch0.6.40
ORdebianaptMatch0.6.40.1
ORdebianaptMatch0.6.41
ORdebianaptMatch0.6.42
ORdebianaptMatch0.6.42.1
ORdebianaptMatch0.6.42.2
ORdebianaptMatch0.6.42.3
ORdebianaptMatch0.6.43
ORdebianaptMatch0.6.43.1
ORdebianaptMatch0.6.43.2
ORdebianaptMatch0.6.43.3
ORdebianaptMatch0.6.44
ORdebianaptMatch0.6.44.1
ORdebianaptMatch0.6.44.1-0.1
ORdebianaptMatch0.6.44.2
ORdebianaptMatch0.6.44.2exp1
ORdebianaptMatch0.6.45
ORdebianaptMatch0.6.46
ORdebianaptMatch0.6.46.1
ORdebianaptMatch0.6.46.2
ORdebianaptMatch0.6.46.3
ORdebianaptMatch0.6.46.3-0.1
ORdebianaptMatch0.6.46.3-0.2
ORdebianaptMatch0.6.46.4-0.1
ORdebianaptMatch0.7.3
ORdebianaptMatch0.7.4
ORdebianaptMatch0.7.5
ORdebianaptMatch0.7.6
ORdebianaptMatch0.7.7
ORdebianaptMatch0.7.8
ORdebianaptMatch0.7.9
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
secunia.com/advisories/34829
secunia.com/advisories/34832
secunia.com/advisories/34874
www.debian.org/security/2009/dsa-1779
www.securityfocus.com/bid/34630
bugs.launchpad.net/ubuntu/+source/apt/+bug/356012
exchange.xforce.ibmcloud.com/vulnerabilities/50086
usn.ubuntu.com/762-1/
Related
ubuntucve
ubuntucve
CVE-2009-1358
2009-04-21 00:00:00
redhatcve
redhatcve
CVE-2009-1358
2019-10-04 21:32:24
cvelist
cvelist
CVE-2009-1358
2009-04-21 23:00:00
nvd
nvd
CVE-2009-1358
2009-04-21 23:30:00
debiancve
debiancve
CVE-2009-1358
2009-04-21 23:30:00
prion
prion
Code injection
2009-04-21 23:30:00
openvas
openvas
Debian: Security Advisory (DSA-1779-1)
2009-05-05 00:00:00
Debian Security Advisory DSA 1779-1 (apt)
2009-05-05 00:00:00
nessus
nessus
Debian DSA-1779-1 : apt - several vulnerabilities
2009-04-27 00:00:00
osv
osv
apt - several vulnerabilities
2009-04-26 00:00:00
debian
debian
[SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities
2009-04-26 15:36:06
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
AI Score
Confidence
Low
0.023 Low
EPSS
Percentile
89.7%
Related for CVE-2009-1358