CVE-2011-1829

APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.

References

Link	Resource
http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz	Patch Third Party Advisory
http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog	Release Notes Vendor Advisory
http://www.securityfocus.com/bid/48671	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1169-1	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68560	Third Party Advisory VDB Entry
https://launchpad.net/bugs/784473	Third Party Advisory
https://launchpad.net/ubuntu/+archive/primary/+sourcepub/1817196/+listing-archive-extra	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

History

25 Mar 2021, 19:27

Type	Values Removed	Values Added
CPE	cpe:2.3:a:debian:apt:0.6.23:::::::* cpe:2.3:a:debian:apt:0.1.5:::::::* cpe:2.3:a:debian:apt:0.8.8:::::::* cpe:2.3:a:debian:apt:0.7.26:exp6:::::: cpe:2.3:a:debian:apt:0.6.10:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:::::: cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp2:::::: cpe:2.3:a:debian:apt:0.5.32:::::::* cpe:2.3:a:debian:apt:0.6.9:::::::* cpe:2.3:a:debian:apt:0.6.41:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp3:::::: cpe:2.3:a:debian:apt:0.1.3:::::::* cpe:2.3:a:debian:apt:0.5.4:::::::* cpe:2.3:a:debian:apt:0.0.10:::::::* cpe:2.3:a:debian:apt:0.5.6:::::::* cpe:2.3:a:debian:apt:0.6.38:::::::* cpe:2.3:a:debian:apt:0.3.1:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:::::: cpe:2.3:a:debian:apt:0.6.44.2:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.15:::::::* cpe:2.3:a:debian:apt:0.5.24:::::::* cpe:2.3:a:debian:apt:0.6.1:::::::* cpe:2.3:a:debian:apt:0.5.21:::::::* cpe:2.3:a:debian:apt:0.7.26:exp7:::::: cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:::::: cpe:2.3:a:debian:advanced_package_tool:0.8.10.2:::::::* cpe:2.3:a:debian:apt:0.6.27:::::::* cpe:2.3:a:debian:apt:0.5.10:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.14:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.2:::::::* cpe:2.3:a:debian:apt:0.6.13:::::::* cpe:2.3:a:debian:apt:0.6.36:::::::* cpe:2.3:a:debian:apt:0.6.19:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.14.1:::::::* cpe:2.3:a:debian:apt:0.8.9:::::::* cpe:2.3:a:debian:apt:0.3.9:::::::* cpe:2.3:a:debian:apt:0.5.3:::::::* cpe:2.3:a:debian:apt:0.6.30:::::::* cpe:2.3:a:debian:apt:0.0.15-0.1bo:::::::* cpe:2.3:a:debian:apt:0.6.33:::::::* cpe:2.3:a:debian:apt:0.7.26:exp12:::::: cpe:2.3:a:debian:advanced_package_tool:0.8.10.3:::::::* cpe:2.3:a:debian:apt:0.5.16:::::::* cpe:2.3:a:debian:apt:0.0.1:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.12:::::::* cpe:2.3:a:debian:apt:0.3.6:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.11.3:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:::::: cpe:2.3:a:debian:apt:0.6.27:ubuntu1:::::: cpe:2.3:a:debian:apt:0.6.40:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.10:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:::::::* cpe:2.3:a:debian:apt:0.6.46.2:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.12:::::::* cpe:2.3:a:debian:apt:0.8.7:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.19:::::::* cpe:2.3:a:debian:apt:0.5.13:::::::* cpe:2.3:a:debian:apt:0.3.3:::::::* cpe:2.3:a:debian:apt:0.6.42.1:::::::* cpe:2.3:a:debian:apt:0.5.30:::::::* cpe:2.3:a:debian:apt:0.7.26:exp4:::::: cpe:2.3:a:debian:advanced_package_tool:0.7.17:::::::* cpe:2.3:a:debian:apt:0.0.17-1:::::::* cpe:2.3:a:debian:apt:0.6.12:::::::* cpe:2.3:a:debian:apt:0.1.6:::::::* cpe:2.3:a:debian:apt:0.0.13-bo1:::::::* cpe:2.3:a:debian:apt:0.5.22:::::::* cpe:2.3:a:debian:apt:0.6.29:::::::* cpe:2.3:a:debian:apt:0.5.27:::::::* cpe:2.3:a:debian:apt:0.8.5:::::::* cpe:2.3:a:debian:apt:0.5.28:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre2:::::: cpe:2.3:a:debian:advanced_package_tool:0.8.10:::::::* cpe:2.3:a:debian:apt:0.6.6:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.20:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.13.1:::::::* cpe:2.3:a:debian:apt:0.6.14:::::::* cpe:2.3:a:debian:apt:0.6.46:::::::* cpe:2.3:a:debian:apt:0.7.26:exp9:::::: cpe:2.3:a:debian:apt:0.0.8:::::::* cpe:2.3:a:debian:apt:0.6.36:ubuntu1:::::: cpe:2.3:a:debian:advanced_package_tool:0.7.24:::::::* cpe:2.3:a:debian:apt:0.0.13:::::::* cpe:2.3:a:debian:apt:0.5.7:::::::* cpe:2.3:a:debian:apt:0.5.25:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.11.4:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.15:::::::* cpe:2.3:a:debian:apt:0.7.25.1:::::::* cpe:2.3:a:debian:apt:0.0.15:::::::* cpe:2.3:a:debian:apt:0.6.40.1:::::::* cpe:2.3:a:debian:apt:0.5.30:ubuntu1:::::: cpe:2.3:a:debian:advanced_package_tool:0.8.10.1:::::::* cpe:2.3:a:debian:apt:0.7.26:exp3:::::: cpe:2.3:a:debian:apt:0.6.43.2:::::::* cpe:2.3:a:debian:apt:0.3.7:::::::* cpe:2.3:a:debian:apt:0.1:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.23.1:::::::* cpe:2.3:a:debian:apt:0.0.12:::::::* cpe:2.3:a:debian:apt:0.5.31:::::::* cpe:2.3:a:debian:apt:0.7.6:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.11.5:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.1:::::::* cpe:2.3:a:debian:apt:0.6.28:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.16:::::::* cpe:2.3:a:debian:apt:0.7.26:exp1:::::: cpe:2.3:a:debian:apt:0.8.4:::::::* cpe:2.3:a:debian:apt:0.6.39:::::::* cpe:2.3:a:debian:apt:0.6.4:::::::* cpe:2.3:a:debian:apt:0.6.46.3:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.21:::::::* cpe:2.3:a:debian:apt:0.0.9:::::::* cpe:2.3:a:debian:apt:0.1.9:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.11.1:::::::* cpe:2.3:a:debian:apt:0.6.5:::::::* cpe:2.3:a:debian:apt:0.6.21:::::::* cpe:2.3:a:debian:apt:0.6.27:ubuntu4:::::: cpe:2.3:a:debian:apt:0.7.7:::::::* cpe:2.3:a:debian:apt:0.6.18:::::::* cpe:2.3:a:debian:apt:0.3.0:::::::* cpe:2.3:a:debian:apt:0.0.4:::::::* cpe:2.3:a:debian:apt:0.3.15:::::::* cpe:2.3:a:debian:apt:0.7.4:::::::* cpe:2.3:a:debian:apt:0.7.9:::::::* cpe:2.3:a:debian:apt:0.5.30:ubuntu2:::::: cpe:2.3:a:debian:apt:0.0.7:::::::* cpe:2.3:a:debian:apt:0.7.25.2:::::::* cpe:2.3:a:debian:apt:0.8.6:::::::* cpe:2.3:a:debian:apt:0.3.13:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp1:::::: cpe:2.3:a:debian:apt:0.6.31:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.14:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.18:::::::* cpe:2.3:a:debian:apt:0.6.15:::::::* cpe:2.3:a:debian:apt:0.6.35:::::::* cpe:2.3:a:debian:apt:0.7.8:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.11:::::::* cpe:2.3:a:debian:apt:0.6.8:::::::* cpe:2.3:a:debian:apt:0.0.3:::::::* cpe:2.3:a:debian:apt:0.0.16-1:::::::* cpe:2.3:a:debian:apt:0.6.44.2:exp1:::::: cpe:2.3:a:debian:apt:0.6.20:::::::* cpe:2.3:a:debian:apt:0.6.16:::::::* cpe:2.3:a:debian:apt:0.6.25:::::::* cpe:2.3:a:debian:apt:0.5.5:::::::* cpe:2.3:a:debian:apt:0.6.34:::::::* cpe:2.3:a:debian:apt:0.7.3:::::::* cpe:2.3:a:debian:apt:0.6.32:::::::* cpe:2.3:a:debian:apt:0.5.15:::::::* cpe:2.3:a:debian:apt:0.7.26:exp10:::::: cpe:2.3:a:debian:apt:0.1.1:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.22:::::::* cpe:2.3:a:debian:apt:0.3.2:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.0:::::::* cpe:2.3:a:debian:apt:0.6.11:::::::* cpe:2.3:a:debian:apt:0.1.7:::::::* cpe:2.3:a:debian:apt:0.6.43:::::::* cpe:2.3:a:debian:apt:0.6.46.3-0.2:::::::* cpe:2.3:a:debian:apt:0.6.22:::::::* cpe:2.3:a:debian:apt:0.5.17:::::::* cpe:2.3:a:debian:apt:0.3.16:::::::* cpe:2.3:a:debian:apt:0.5.19:::::::* cpe:2.3:a:debian:apt:0.5.18:::::::* cpe:2.3:a:debian:apt:0.6.46.3-0.1:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.13:::::::* cpe:2.3:a:debian:apt:0.5.8:::::::* cpe:2.3:a:debian:apt:0.5.11:::::::* cpe:2.3:a:debian:apt:0.6.43.3:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.22.2:::::::* cpe:2.3:a:debian:apt:0.5.0:::::::* cpe:2.3:a:debian:apt:0.0.5:::::::* cpe:2.3:a:debian:apt:0.5.2:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.11.2:::::::* cpe:2.3:a:debian:apt:0.6.37:::::::* cpe:2.3:a:debian:apt:0.6.3:::::::* cpe:2.3:a:debian:apt:0.6.44:::::::* cpe:2.3:a:debian:apt:0.7.26:exp2:::::: cpe:2.3:a:debian:advanced_package_tool:0.7.1:::::::* cpe:2.3:a:debian:apt:0.6.17:::::::* cpe:2.3:a:debian:apt:0.5.23:::::::* cpe:2.3:a:debian:apt:0.0.2:::::::* cpe:2.3:a:debian:apt:0.5.1:::::::* cpe:2.3:a:debian:apt:0.6.46.4-0.1:::::::* cpe:2.3:a:debian:apt:0.6.2:::::::* cpe:2.3:a:debian:apt:0.5.20:::::::* cpe:2.3:a:debian:apt:0.7.26:exp11:::::: cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre1:::::: cpe:2.3:a:debian:apt:0.6.7:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:::::: cpe:2.3:a:debian:apt:0.3.4:::::::* cpe:2.3:a:debian:apt:0.6.27:ubuntu3:::::: cpe:2.3:a:debian:apt:0.6.42:::::::* cpe:2.3:a:debian:apt:0.5.12:::::::* cpe:2.3:a:debian:apt:0.7.5:::::::* cpe:2.3:a:debian:apt:0.0.14:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.13:::::::* cpe:2.3:a:debian:apt:0.7.25.3:::::::* cpe:2.3:a:debian:apt:0.8.2:::::::* cpe:2.3:a:debian:apt:0.6.42.2:::::::* cpe:2.3:a:debian:apt:0.6.43.1:::::::* cpe:2.3:a:debian:apt:0.0.15-0.2bo:::::::* cpe:2.3:a:debian:apt:0.5.5.1:::::::* cpe:2.3:a:debian:apt:0.7.25:::::::* cpe:2.3:a:debian:apt:0.6.44.1:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:::::: cpe:2.3:a:debian:apt:0.5.29:::::::* cpe:2.3:a:debian:apt:0.5.14:::::::* cpe:2.3:a:debian:apt:0.5.9:::::::* cpe:2.3:a:debian:apt:0.6.44.1-0.1:::::::* cpe:2.3:a:debian:apt:0.8.3:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:::::::* cpe:2.3:a:debian:apt:0.6.46.1:::::::* cpe:2.3:a:debian:apt:0.3.18:::::::* cpe:2.3:a:debian:apt:0.6.0:::::::* cpe:2.3:a:debian:apt:0.3.11:::::::* cpe:2.3:a:debian:apt:0.6.27:ubuntu2:::::: cpe:2.3:a:debian:apt:0.6.45:::::::* cpe:2.3:a:debian:apt:0.0.6:::::::* cpe:2.3:a:debian:apt:0.5.26:::::::* cpe:2.3:a:debian:apt:0.3.17:::::::* cpe:2.3:a:debian:apt:0.6.24:::::::* cpe:2.3:a:debian:apt:0.0.11:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.11:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.23:::::::* cpe:2.3:a:debian:advanced_package_tool:0.8.13.2:::::::* cpe:2.3:a:debian:apt:0.3.19:::::::* cpe:2.3:a:debian:apt:0.7.26:exp8:::::: cpe:2.3:a:debian:apt:0.7.26:exp5:::::: cpe:2.3:a:debian:apt:0.3.12:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.22.1:::::::* cpe:2.3:a:debian:apt:0.3.14:::::::* cpe:2.3:a:debian:apt:0.6.42.3:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.0:::::::* cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1::::::	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/68560 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/68560 - Third Party Advisory, VDB Entry
References	~~(CONFIRM) http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog -~~	(CONFIRM) http://packages.debian.org/changelogs/pool/main/a/apt/current/changelog - Release Notes, Vendor Advisory
References	~~(CONFIRM) https://launchpad.net/bugs/784473 -~~	(CONFIRM) https://launchpad.net/bugs/784473 - Third Party Advisory
References	~~(UBUNTU) http://www.ubuntu.com/usn/USN-1169-1 -~~	(UBUNTU) http://www.ubuntu.com/usn/USN-1169-1 - Third Party Advisory
References	~~(BID) http://www.securityfocus.com/bid/48671 -~~	(BID) http://www.securityfocus.com/bid/48671 - Third Party Advisory, VDB Entry
References	~~(CONFIRM) http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz - Patch~~	(CONFIRM) http://launchpadlibrarian.net/75126628/apt_0.8.13.2ubuntu2_0.8.13.2ubuntu4.1.diff.gz - Patch, Third Party Advisory

4.3^/10

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

CVE-2011-1829

4.3 /10