CVE-2012-5356 (GCVE-0-2012-5356)
Vulnerability from cvelistv5 – Published: 2012-10-10 18:00 – Updated: 2024-08-06 21:05
VLAI
EPSS
VEX
Summary
The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.ubuntu.com/usn/USN-1588-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/55736 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://bugs.launchpad.net/ubuntu/+source/softwar… | x_refsource_MISC |
Date Public
2012-09-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:46.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-1588-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1588-1"
},
{
"name": "55736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55736"
},
{
"name": "ubuntu-gpg-sec-bypass(78990)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-1588-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1588-1"
},
{
"name": "55736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55736"
},
{
"name": "ubuntu-gpg-sec-bypass(78990)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1588-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1588-1"
},
{
"name": "55736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55736"
},
{
"name": "ubuntu-gpg-sec-bypass(78990)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5356",
"datePublished": "2012-10-10T18:00:00.000Z",
"dateReserved": "2012-10-10T00:00:00.000Z",
"dateUpdated": "2024-08-06T21:05:46.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2012-5356",
"date": "2026-07-16",
"epss": "0.01968",
"percentile": "0.78139"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"184F2D0B-3DF4-4867-9E2A-0DC811B46EBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFE15797-562D-47C8-8D69-65FC90FB948B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A97DA7A-B187-4215-84AD-3A318FDA5AB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD55026D-31A1-4263-BD75-35CFD57B489B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6F55FBD-D960-40DB-9B35-59BD01A8F577\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17D82146-84C0-4ACB-9EB0-A9080C77D01E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"555296EA-799C-4C74-9C1E-951B2A4312B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13B0E0DC-E93E-4713-B021-FFECA62619AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB2E775F-157E-432C-8B69-FAABBE55879D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6797994-29C8-4805-81B0-559BB55EBC77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"966039CD-F163-4235-8E6F-B305A3A9099A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4B1C439-E7EB-4DAD-86FA-F644D4CED229\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A886803-A0D4-4A18-B90E-651B8063B1B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5F42DEC-9473-4652-B8D3-A571E46C0136\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B211FDB5-20DE-41B4-BF79-F0811DF62F9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D12A2FA-3D5D-4152-B939-C5D090BA371E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6458D6AD-90B9-4F13-8270-48A47EB2EAA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F936FFDF-CD21-46A6-B42E-C0E536CD3A9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88A902AF-FB25-4B10-BF6F-46DCC2FB060C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A58F01C3-81C2-47DC-A66F-888E45158895\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAC62A53-C315-4516-892F-F0CF7C598E49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E72FD830-954B-4F14-9B59-86121269C392\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E0203EF-7FD9-4D97-AC33-6977A38495C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"836B0B0F-EA7B-4252-B0B2-8ABBEB1BACD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEA06505-8088-443F-8A16-03B5B7459E05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C9DF802-D20B-4EFD-9397-67FC25B2317B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E201F029-ED85-483F-A194-A65365D02156\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D4EEE0C-BC05-42CC-A2BD-2CC238A344DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13FC087F-1AA1-45DC-978F-B066CA99F7B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0303AA5C-C83F-4D3E-A545-A438FF24C18E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEF14135-0B89-4428-9D91-4C097E6F5497\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8047C0DE-D3B9-425B-8577-DDA870814B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDA5D81E-5195-41D7-AAE1-79AE77C167A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7CA5A01-94AD-46E5-BDC0-E1984D644CB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5911C646-504F-4347-B3C4-7CAA352891D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8196D7D1-C25C-4506-9A77-0BD547164450\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F5CE606-E5CE-475A-8334-48017B2EF899\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABB71F54-4B83-454E-A7BF-9A52B216FBB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8F01FF0-F862-4823-B7EC-4138A69047B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AD8700D-3EE2-4BA9-8C99-D871F98B26A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F73A0D7-2AA2-4F18-BB68-4B39DE951FAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4DC8A9E-2C1D-404B-BBF6-E5CE7A5204D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADC6A6AA-C090-4816-8AA3-A95C036FC203\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCE0CFE0-6F72-4C6E-B55C-A5931D2C4142\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E22A4E5-3CB2-49DB-BD12-764D00A6C379\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CCECD13-39EE-4AB4-AC40-3963FD8B80B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"910B4E1F-1746-4902-BF42-1FCC2CA7E89D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DF85285-18BE-48D4-9A79-5999424DA5A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11743C71-8DEC-41F1-9E9F-A1C0323EF4C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"541975D2-A4B9-44ED-AE37-FE525E5C2A94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCB55949-1DF4-4A4E-88B8-FBF78744D8A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C77BCD4-680F-4D6D-9B4B-523BBFC68930\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.\"}, {\"lang\": \"es\", \"value\": \"La herramienta apt-add-repository v0.75.x antes de v0.75.10.3, v0.80.x antes de v0.80.9.2, antes de v0.81.x antes de v0.81.13.5, v0.82.x antes de v0.82.7.3, y antes de v0.92.x antes de v0.92.8 no comprueba correctamente las llaves PPA GPG importadas desde el servidor de claves, lo que permite a atacantes remotos instalar llaves GPG arbitrarias de paquetes del repositorio mediante un ataque man-in-the-middle (MITM).\"}]",
"id": "CVE-2012-5356",
"lastModified": "2024-11-21T01:44:34.863",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2012-10-10T18:55:05.707",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/55736\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1588-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/78990\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/55736\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1588-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/78990\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-5356\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-10-10T18:55:05.707\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.\"},{\"lang\":\"es\",\"value\":\"La herramienta apt-add-repository v0.75.x antes de v0.75.10.3, v0.80.x antes de v0.80.9.2, antes de v0.81.x antes de v0.81.13.5, v0.82.x antes de v0.82.7.3, y antes de v0.92.x antes de v0.92.8 no comprueba correctamente las llaves PPA GPG importadas desde el servidor de claves, lo que permite a atacantes remotos instalar llaves GPG arbitrarias de paquetes del repositorio mediante un ataque man-in-the-middle (MITM).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184F2D0B-3DF4-4867-9E2A-0DC811B46EBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFE15797-562D-47C8-8D69-65FC90FB948B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A97DA7A-B187-4215-84AD-3A318FDA5AB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD55026D-31A1-4263-BD75-35CFD57B489B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F55FBD-D960-40DB-9B35-59BD01A8F577\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17D82146-84C0-4ACB-9EB0-A9080C77D01E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"555296EA-799C-4C74-9C1E-951B2A4312B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13B0E0DC-E93E-4713-B021-FFECA62619AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB2E775F-157E-432C-8B69-FAABBE55879D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6797994-29C8-4805-81B0-559BB55EBC77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"966039CD-F163-4235-8E6F-B305A3A9099A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B1C439-E7EB-4DAD-86FA-F644D4CED229\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A886803-A0D4-4A18-B90E-651B8063B1B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F42DEC-9473-4652-B8D3-A571E46C0136\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B211FDB5-20DE-41B4-BF79-F0811DF62F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D12A2FA-3D5D-4152-B939-C5D090BA371E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6458D6AD-90B9-4F13-8270-48A47EB2EAA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F936FFDF-CD21-46A6-B42E-C0E536CD3A9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88A902AF-FB25-4B10-BF6F-46DCC2FB060C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58F01C3-81C2-47DC-A66F-888E45158895\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAC62A53-C315-4516-892F-F0CF7C598E49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E72FD830-954B-4F14-9B59-86121269C392\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E0203EF-7FD9-4D97-AC33-6977A38495C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"836B0B0F-EA7B-4252-B0B2-8ABBEB1BACD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEA06505-8088-443F-8A16-03B5B7459E05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C9DF802-D20B-4EFD-9397-67FC25B2317B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E201F029-ED85-483F-A194-A65365D02156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D4EEE0C-BC05-42CC-A2BD-2CC238A344DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13FC087F-1AA1-45DC-978F-B066CA99F7B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0303AA5C-C83F-4D3E-A545-A438FF24C18E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEF14135-0B89-4428-9D91-4C097E6F5497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8047C0DE-D3B9-425B-8577-DDA870814B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA5D81E-5195-41D7-AAE1-79AE77C167A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7CA5A01-94AD-46E5-BDC0-E1984D644CB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5911C646-504F-4347-B3C4-7CAA352891D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8196D7D1-C25C-4506-9A77-0BD547164450\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F5CE606-E5CE-475A-8334-48017B2EF899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB71F54-4B83-454E-A7BF-9A52B216FBB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8F01FF0-F862-4823-B7EC-4138A69047B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD8700D-3EE2-4BA9-8C99-D871F98B26A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F73A0D7-2AA2-4F18-BB68-4B39DE951FAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4DC8A9E-2C1D-404B-BBF6-E5CE7A5204D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADC6A6AA-C090-4816-8AA3-A95C036FC203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE0CFE0-6F72-4C6E-B55C-A5931D2C4142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E22A4E5-3CB2-49DB-BD12-764D00A6C379\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CCECD13-39EE-4AB4-AC40-3963FD8B80B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"910B4E1F-1746-4902-BF42-1FCC2CA7E89D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DF85285-18BE-48D4-9A79-5999424DA5A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11743C71-8DEC-41F1-9E9F-A1C0323EF4C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"541975D2-A4B9-44ED-AE37-FE525E5C2A94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCB55949-1DF4-4A4E-88B8-FBF78744D8A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C77BCD4-680F-4D6D-9B4B-523BBFC68930\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/55736\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1588-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/78990\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/55736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1588-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/78990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…