CVE-2012-0944

medium

Description

Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does not authenticate packages when the transaction is not simulated, which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/74553

https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131

http://www.securityfocus.com/bid/52855

http://www.osvdb.org/80887

http://ubuntu.com/usn/usn-1414-1

http://secunia.com/advisories/48688

Details

Source: Mitre, NVD

Published: 2012-06-04

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N