CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
81.0%
Alexandre Martani discovered that the APT daily cron script did not check
the return code of the date command. If a machine is configured for
automatic updates and is in a time zone where DST occurs at midnight, under
certain circumstances automatic updates might not be applied and could
become permanently disabled. (CVE-2009-1300)
Michael Casadevall discovered that APT did not properly verify repositories
signed with a revoked or expired key. If a repository were signed with only
an expired or revoked key and the signature was otherwise valid, APT would
consider the repository valid. (<https://launchpad.net/bugs/356012>)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.10 | noarch | apt | < 0.7.14ubuntu6.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | apt-transport-https | < 0.7.14ubuntu6.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | apt-utils | < 0.7.14ubuntu6.1 | UNKNOWN |
Ubuntu | 8.10 | noarch | libapt-pkg-dev | < 0.7.14ubuntu6.1 | UNKNOWN |
Ubuntu | 8.04 | noarch | apt | < 0.7.9ubuntu17.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | apt-transport-https | < 0.7.9ubuntu17.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | apt-utils | < 0.7.9ubuntu17.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | libapt-pkg-dev | < 0.7.9ubuntu17.2 | UNKNOWN |
Ubuntu | 6.06 | noarch | apt | < 0.6.43.3ubuntu3.1 | UNKNOWN |
Ubuntu | 6.06 | noarch | apt-utils | < 0.6.43.3ubuntu3.1 | UNKNOWN |