Ubuntu Security Notice (C) 2011-2014 Canonical, Inc. / NASL script (C) 2011-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
It was discovered that APT incorrectly handled the Verify-Host
configuration option. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could potentially be used to steal
repository credentials. This issue only affected Ubuntu 10.04 LTS and
USN-1215-1 fixed a vulnerability in APT by disabling the apt-key
net-update option. This update re-enables the option with corrected
It was discovered that the apt-key utility incorrectly verified GPG
keys when downloaded via the net-update option. If a remote attacker
were able to perform a man-in-the-middle attack, this flaw could
potentially be used to install altered packages.
Update the affected apt package.
Risk factor :
Low / CVSS Base Score : 2.6
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 56970 ()
CVE ID: CVE-2011-3634