ID UBUNTU_USN-1666-1.NASL Type nessus Reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-02T00:00:00
Description
It was discovered that Aptdaemon incorrectly validated PPA GPG keys
when importing from a keyserver. If a remote attacker were able to
perform a man-in-the-middle attack, this flaw could be exploited to
install altered package repository GPG keys.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1666-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#
include("compat.inc");
# Registration block: when the `description` variable is set, the script only
# declares its metadata (IDs, references, text, CVSS vector, dependencies and
# required KB keys) and then exits without running any check.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(63286);
script_version("1.8");
script_cvs_date("Date: 2019/09/19 12:54:28");
# Cross-references tying this plugin to the CVE and the Ubuntu Security Notice.
script_cve_id("CVE-2012-0962");
script_xref(name:"USN", value:"1666-1");
script_name(english:"Ubuntu 11.10 / 12.04 LTS : aptdaemon vulnerability (USN-1666-1)");
# The summary states the method: the finding is derived from dpkg package
# data, not from probing aptdaemon's key-import behaviour.
script_summary(english:"Checks dpkg output for updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Ubuntu host is missing a security-related patch."
);
# The description text is the advisory wording; the line breaks inside the
# string literal are part of the emitted value.
script_set_attribute(
attribute:"description",
value:
"It was discovered that Aptdaemon incorrectly validated PPA GPG keys
when importing from a keyserver. If a remote attacker were able to
perform a man-in-the-middle attack, this flaw could be exploited to
install altered package repository GPG keys.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://usn.ubuntu.com/1666-1/"
);
# NOTE(review): the solution covers the package update only. Nothing in this
# plugin addresses repository keys that may already have been imported while
# the vulnerable version was installed; treat keyring review as a separate step.
script_set_attribute(
attribute:"solution",
value:"Update the affected aptdaemon package."
);
# CVSS v2 base vector: network access vector, medium access complexity, no
# authentication, and partial integrity impact with no confidentiality or
# availability impact.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
# NOTE(review): "local" presumably marks a check evaluated from data gathered
# on the host itself (see the required KB keys below) - confirm.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPE entries: the aptdaemon package plus the two Ubuntu releases covered.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:aptdaemon");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
# NOTE(review): vuln_publication_date (2012/12/26) is later than
# patch_publication_date (2012/12/17); it looks like the CVE record's
# publication date rather than the disclosure date - confirm before using
# these fields for exposure-window metrics.
script_set_attribute(attribute:"vuln_publication_date", value:"2012/12/26");
script_set_attribute(attribute:"patch_publication_date", value:"2012/12/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/18");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Ubuntu Local Security Checks");
# Declared dependency and the KB keys this script requires.
# NOTE(review): ssh_get_info.nasl presumably populates these keys from an
# authenticated session; without them the check cannot produce a result.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
# Registration only: stop here when running in description mode.
exit(0);
}
include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");
# Package-version check for USN-1666-1 (CVE-2012-0962).
#
# Scope note for readers of the result: this body only reads knowledge-base
# items and compares the installed aptdaemon package against the versions
# named below. It does not inspect the host's APT keyring, so it says nothing
# about repository keys that were imported before the package was updated.

# Precondition: local (host-based) checks must be enabled for this scan.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Precondition: the host must be Ubuntu 11.10 or 12.04; any other release is
# audited out rather than assessed.
release = get_kb_item("Host/Ubuntu/release");
if (isnull(release))
{
  audit(AUDIT_OS_NOT, "Ubuntu");
}
release = chomp(release);
if (!preg(pattern:"^(11\.10|12\.04)$", string:release))
{
  audit(AUDIT_OS_NOT, "Ubuntu 11.10 / 12.04", "Ubuntu " + release);
}

# Precondition: a dpkg package listing must have been collected.
if (!get_kb_item("Host/Debian/dpkg-l"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Precondition: only x86_64 and i386-i686 hosts are evaluated. Other
# architectures are audited out as "not implemented", so the absence of a
# finding there is not evidence that the package is patched.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
}

# One comparison per affected release; pkgver is the version the advisory
# lists as the update for that release.
# NOTE(review): ubuntu_check() presumably returns true when the installed
# package is older than pkgver - confirm against ubuntu.inc.
flag = 0;
if (ubuntu_check(osver:"11.10", pkgname:"aptdaemon", pkgver:"0.43+bzr697-0ubuntu1.3"))
{
  flag++;
}
if (ubuntu_check(osver:"12.04", pkgname:"aptdaemon", pkgver:"0.43+bzr805-0ubuntu7"))
{
  flag++;
}

if (!flag)
{
  # Nothing flagged: distinguish "package present but not affected" from
  # "package not installed" using the list of packages that were tested.
  tested = ubuntu_pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "aptdaemon");
  }
}
else
{
  # At least one comparison flagged the host: report at warning severity on
  # port 0 with the detail text produced by the Ubuntu helper library.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
{"id": "UBUNTU_USN-1666-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 11.10 / 12.04 LTS : aptdaemon vulnerability (USN-1666-1)", "description": "It was discovered that Aptdaemon incorrectly validated PPA GPG keys\nwhen importing from a keyserver. If a remote attacker were able to\nperform a man-in-the-middle attack, this flaw could be exploited to\ninstall altered package repository GPG keys.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2012-12-18T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/63286", "reporter": "Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://usn.ubuntu.com/1666-1/"], "cvelist": ["CVE-2012-0962"], "type": "nessus", "lastseen": "2021-01-01T06:38:52", "edition": 24, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0962"]}, {"type": "ubuntu", "idList": ["USN-1666-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310841257", "OPENVAS:841257"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28869", "SECURITYVULNS:VULN:12790"]}], "modified": "2021-01-01T06:38:52", "rev": 2}, "score": {"value": 4.6, "vector": "NONE", "modified": "2021-01-01T06:38:52", "rev": 2}, "vulnersScore": 4.6}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1666-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63286);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-0962\");\n script_xref(name:\"USN\", value:\"1666-1\");\n\n script_name(english:\"Ubuntu 11.10 / 12.04 LTS : aptdaemon vulnerability (USN-1666-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Aptdaemon incorrectly validated PPA GPG keys\nwhen importing from a keyserver. If a remote attacker were able to\nperform a man-in-the-middle attack, this flaw could be exploited to\ninstall altered package repository GPG keys.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1666-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected aptdaemon package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:aptdaemon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/12/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"11.10\", pkgname:\"aptdaemon\", pkgver:\"0.43+bzr697-0ubuntu1.3\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"aptdaemon\", pkgver:\"0.43+bzr805-0ubuntu7\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"aptdaemon\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "63286", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:aptdaemon", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "scheme": null}
{"cve": [{"lastseen": "2020-10-03T12:06:01", "description": "Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when importing PPA GPG keys from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.", "edition": 3, "cvss3": {}, "published": "2012-12-26T22:55:00", "title": "CVE-2012-0962", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0962"], "modified": "2012-12-27T18:42:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:sebastian_heinlein:aptdaemon:0.43"], "id": "CVE-2012-0962", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0962", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:11.10:-:lts:*:*:*:*:*", "cpe:2.3:a:sebastian_heinlein:aptdaemon:0.43:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:40:42", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0962"], "description": "It was discovered that Aptdaemon incorrectly validated PPA GPG keys when \nimporting from a keyserver. 
If a remote attacker were able to perform a \nman-in-the-middle attack, this flaw could be exploited to install altered \npackage repository GPG keys.", "edition": 5, "modified": "2012-12-17T00:00:00", "published": "2012-12-17T00:00:00", "id": "USN-1666-1", "href": "https://ubuntu.com/security/notices/USN-1666-1", "title": "Aptdaemon vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2017-12-04T11:20:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0962"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1666-1", "modified": "2017-12-01T00:00:00", "published": "2012-12-18T00:00:00", "id": "OPENVAS:841257", "href": "http://plugins.openvas.org/nasl.php?oid=841257", "type": "openvas", "title": "Ubuntu Update for aptdaemon USN-1666-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1666_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for aptdaemon USN-1666-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Aptdaemon incorrectly validated PPA GPG keys when\n importing from a keyserver. If a remote attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to install altered\n package repository GPG keys.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1666-1\";\ntag_affected = \"aptdaemon on Ubuntu 12.04 LTS ,\n Ubuntu 11.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1666-1/\");\n script_id(841257);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-18 10:05:11 +0530 (Tue, 18 Dec 2012)\");\n script_cve_id(\"CVE-2012-0962\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1666-1\");\n script_name(\"Ubuntu Update for aptdaemon USN-1666-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , 
value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"aptdaemon\", ver:\"0.43+bzr805-0ubuntu7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"aptdaemon\", ver:\"0.43+bzr697-0ubuntu1.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0962"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1666-1", "modified": "2019-03-13T00:00:00", "published": "2012-12-18T00:00:00", "id": "OPENVAS:1361412562310841257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841257", "type": "openvas", "title": "Ubuntu Update for aptdaemon USN-1666-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1666_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for aptdaemon USN-1666-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY 
WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1666-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841257\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-12-18 10:05:11 +0530 (Tue, 18 Dec 2012)\");\n script_cve_id(\"CVE-2012-0962\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"USN\", value:\"1666-1\");\n script_name(\"Ubuntu Update for aptdaemon USN-1666-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|11\\.10)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1666-1\");\n script_tag(name:\"affected\", value:\"aptdaemon on Ubuntu 12.04 LTS,\n Ubuntu 11.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"It was discovered that Aptdaemon incorrectly validated PPA GPG keys when\n importing from a keyserver. 
If a remote attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to install altered\n package repository GPG keys.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"aptdaemon\", ver:\"0.43+bzr805-0ubuntu7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"aptdaemon\", ver:\"0.43+bzr697-0ubuntu1.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0962"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-1666-1\r\nDecember 17, 2012\r\n\r\naptdaemon vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 11.10\r\n\r\nSummary:\r\n\r\nAptdaemon could be tricked into installing arbitrary PPA GPG keys.\r\n\r\nSoftware Description:\r\n- aptdaemon: transaction based package management service\r\n\r\nDetails:\r\n\r\nIt was discovered that Aptdaemon incorrectly validated PPA GPG keys when\r\nimporting from a keyserver. 
If a remote attacker were able to perform a\r\nman-in-the-middle attack, this flaw could be exploited to install altered\r\npackage repository GPG keys.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 12.04 LTS:\r\n aptdaemon 0.43+bzr805-0ubuntu7\r\n\r\nUbuntu 11.10:\r\n aptdaemon 0.43+bzr697-0ubuntu1.3\r\n\r\nAfter a standard system update you need to reboot your computer to make\r\nall the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-1666-1\r\n CVE-2012-0962\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr805-0ubuntu7\r\n https://launchpad.net/ubuntu/+source/aptdaemon/0.43+bzr697-0ubuntu1.3\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "edition": 1, "modified": "2012-12-18T00:00:00", "published": "2012-12-18T00:00:00", "id": "SECURITYVULNS:DOC:28869", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28869", "title": "[USN-1666-1] Aptdaemon vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-0962"], "description": "PPA GPG key is validated incorrectly.", "edition": 1, "modified": "2012-12-18T00:00:00", "published": "2012-12-18T00:00:00", "id": "SECURITYVULNS:VULN:12790", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12790", "title": "aptdaemon key validation vulnerability", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}