CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
89.7%
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
Vendor | Product | Version | CPE |
---|---|---|---|
debian | advanced_package_tool | * | cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:* |
debian | advanced_package_tool | 0.7.0 | cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:* |
debian | advanced_package_tool | 0.7.1 | cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:* |
debian | advanced_package_tool | 0.7.2 | cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:* |
debian | advanced_package_tool | 0.7.2-0.1 | cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:* |
debian | advanced_package_tool | 0.7.10 | cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:* |
debian | advanced_package_tool | 0.7.11 | cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:* |
debian | advanced_package_tool | 0.7.12 | cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:* |
debian | advanced_package_tool | 0.7.13 | cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:* |
debian | advanced_package_tool | 0.7.14 | cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:* |
bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
secunia.com/advisories/34829
secunia.com/advisories/34832
secunia.com/advisories/34874
www.debian.org/security/2009/dsa-1779
www.securityfocus.com/bid/34630
bugs.launchpad.net/ubuntu/+source/apt/+bug/356012
exchange.xforce.ibmcloud.com/vulnerabilities/50086
usn.ubuntu.com/762-1/