CVE-2013-1051

2013-03-2117:55:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2013-1051

apt

version 0.8.16

version 0.9.7

man-in-the-middle attack

package modification

integrity checking

third-party repositories

nvd

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

31.6%

JSON

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.

CPENameOperatorVersion
debian:aptdebian apteq0.9.7
debian:advanced_package_tooldebian advanced package tooleq0.8.16
canonical:ubuntu_linuxcanonical ubuntu linuxeq11.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04

CPE	Name	Operator	Version
debian:apt	debian apt	eq	0.9.7
debian:advanced_package_tool	debian advanced package tool	eq	0.8.16
canonical:ubuntu_linux	canonical ubuntu linux	eq	11.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04