CVE-2012-5356 (GCVE-0-2012-5356)

Vulnerability from cvelistv5 – Published: 2012-10-10 18:00 – Updated: 2024-08-06 21:05
VLAI
Summary
The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2012-09-17 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:46.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-1588-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1588-1"
          },
          {
            "name": "55736",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55736"
          },
          {
            "name": "ubuntu-gpg-sec-bypass(78990)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-17T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-1588-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1588-1"
        },
        {
          "name": "55736",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55736"
        },
        {
          "name": "ubuntu-gpg-sec-bypass(78990)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5356",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-1588-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1588-1"
            },
            {
              "name": "55736",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55736"
            },
            {
              "name": "ubuntu-gpg-sec-bypass(78990)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78990"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5356",
    "datePublished": "2012-10-10T18:00:00.000Z",
    "dateReserved": "2012-10-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T21:05:46.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2012-5356",
      "date": "2026-07-16",
      "epss": "0.01968",
      "percentile": "0.78139"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"184F2D0B-3DF4-4867-9E2A-0DC811B46EBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AFE15797-562D-47C8-8D69-65FC90FB948B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A97DA7A-B187-4215-84AD-3A318FDA5AB8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD55026D-31A1-4263-BD75-35CFD57B489B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6F55FBD-D960-40DB-9B35-59BD01A8F577\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17D82146-84C0-4ACB-9EB0-A9080C77D01E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"555296EA-799C-4C74-9C1E-951B2A4312B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13B0E0DC-E93E-4713-B021-FFECA62619AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB2E775F-157E-432C-8B69-FAABBE55879D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6797994-29C8-4805-81B0-559BB55EBC77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"966039CD-F163-4235-8E6F-B305A3A9099A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4B1C439-E7EB-4DAD-86FA-F644D4CED229\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A886803-A0D4-4A18-B90E-651B8063B1B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5F42DEC-9473-4652-B8D3-A571E46C0136\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B211FDB5-20DE-41B4-BF79-F0811DF62F9C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D12A2FA-3D5D-4152-B939-C5D090BA371E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6458D6AD-90B9-4F13-8270-48A47EB2EAA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F936FFDF-CD21-46A6-B42E-C0E536CD3A9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88A902AF-FB25-4B10-BF6F-46DCC2FB060C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A58F01C3-81C2-47DC-A66F-888E45158895\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BAC62A53-C315-4516-892F-F0CF7C598E49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E72FD830-954B-4F14-9B59-86121269C392\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E0203EF-7FD9-4D97-AC33-6977A38495C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"836B0B0F-EA7B-4252-B0B2-8ABBEB1BACD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EEA06505-8088-443F-8A16-03B5B7459E05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0C9DF802-D20B-4EFD-9397-67FC25B2317B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E201F029-ED85-483F-A194-A65365D02156\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D4EEE0C-BC05-42CC-A2BD-2CC238A344DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"13FC087F-1AA1-45DC-978F-B066CA99F7B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0303AA5C-C83F-4D3E-A545-A438FF24C18E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEF14135-0B89-4428-9D91-4C097E6F5497\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8047C0DE-D3B9-425B-8577-DDA870814B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDA5D81E-5195-41D7-AAE1-79AE77C167A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B7CA5A01-94AD-46E5-BDC0-E1984D644CB4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5911C646-504F-4347-B3C4-7CAA352891D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8196D7D1-C25C-4506-9A77-0BD547164450\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F5CE606-E5CE-475A-8334-48017B2EF899\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABB71F54-4B83-454E-A7BF-9A52B216FBB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8F01FF0-F862-4823-B7EC-4138A69047B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AD8700D-3EE2-4BA9-8C99-D871F98B26A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F73A0D7-2AA2-4F18-BB68-4B39DE951FAE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4DC8A9E-2C1D-404B-BBF6-E5CE7A5204D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADC6A6AA-C090-4816-8AA3-A95C036FC203\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCE0CFE0-6F72-4C6E-B55C-A5931D2C4142\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E22A4E5-3CB2-49DB-BD12-764D00A6C379\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CCECD13-39EE-4AB4-AC40-3963FD8B80B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"910B4E1F-1746-4902-BF42-1FCC2CA7E89D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DF85285-18BE-48D4-9A79-5999424DA5A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"11743C71-8DEC-41F1-9E9F-A1C0323EF4C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"541975D2-A4B9-44ED-AE37-FE525E5C2A94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCB55949-1DF4-4A4E-88B8-FBF78744D8A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C77BCD4-680F-4D6D-9B4B-523BBFC68930\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.\"}, {\"lang\": \"es\", \"value\": \"La herramienta apt-add-repository v0.75.x antes de v0.75.10.3, v0.80.x antes de v0.80.9.2, antes de v0.81.x antes de v0.81.13.5, v0.82.x antes de v0.82.7.3, y antes de v0.92.x antes de v0.92.8 no comprueba correctamente las llaves PPA GPG importadas desde el servidor de claves, lo que permite a atacantes remotos instalar llaves GPG arbitrarias de paquetes del repositorio mediante un ataque man-in-the-middle (MITM).\"}]",
      "id": "CVE-2012-5356",
      "lastModified": "2024-11-21T01:44:34.863",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:P\", \"baseScore\": 5.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2012-10-10T18:55:05.707",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/55736\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1588-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/78990\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/55736\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-1588-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/78990\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-5356\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-10-10T18:55:05.707\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.\"},{\"lang\":\"es\",\"value\":\"La herramienta apt-add-repository v0.75.x antes de v0.75.10.3, v0.80.x antes de v0.80.9.2, antes de v0.81.x antes de v0.81.13.5, v0.82.x antes de v0.82.7.3, y antes de v0.92.x antes de v0.92.8 no comprueba correctamente las llaves PPA GPG importadas desde el servidor de claves, lo que permite a atacantes remotos instalar llaves GPG arbitrarias de paquetes del repositorio mediante un ataque man-in-the-middle (MITM).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184F2D0B-3DF4-4867-9E2A-0DC811B46EBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFE15797-562D-47C8-8D69-65FC90FB948B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A97DA7A-B187-4215-84AD-3A318FDA5AB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD55026D-31A1-4263-BD75-35CFD57B489B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F55FBD-D960-40DB-9B35-59BD01A8F577\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17D82146-84C0-4ACB-9EB0-A9080C77D01E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"555296EA-799C-4C74-9C1E-951B2A4312B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13B0E0DC-E93E-4713-B021-FFECA62619AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.75.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB2E775F-157E-432C-8B69-FAABBE55879D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6797994-29C8-4805-81B0-559BB55EBC77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"966039CD-F163-4235-8E6F-B305A3A9099A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B1C439-E7EB-4DAD-86FA-F644D4CED229\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A886803-A0D4-4A18-B90E-651B8063B1B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5F42DEC-9473-4652-B8D3-A571E46C0136\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B211FDB5-20DE-41B4-BF79-F0811DF62F9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D12A2FA-3D5D-4152-B939-C5D090BA371E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6458D6AD-90B9-4F13-8270-48A47EB2EAA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F936FFDF-CD21-46A6-B42E-C0E536CD3A9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.80.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88A902AF-FB25-4B10-BF6F-46DCC2FB060C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58F01C3-81C2-47DC-A66F-888E45158895\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAC62A53-C315-4516-892F-F0CF7C598E49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E72FD830-954B-4F14-9B59-86121269C392\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E0203EF-7FD9-4D97-AC33-6977A38495C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"836B0B0F-EA7B-4252-B0B2-8ABBEB1BACD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEA06505-8088-443F-8A16-03B5B7459E05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C9DF802-D20B-4EFD-9397-67FC25B2317B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E201F029-ED85-483F-A194-A65365D02156\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D4EEE0C-BC05-42CC-A2BD-2CC238A344DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13FC087F-1AA1-45DC-978F-B066CA99F7B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0303AA5C-C83F-4D3E-A545-A438FF24C18E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEF14135-0B89-4428-9D91-4C097E6F5497\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8047C0DE-D3B9-425B-8577-DDA870814B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA5D81E-5195-41D7-AAE1-79AE77C167A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7CA5A01-94AD-46E5-BDC0-E1984D644CB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5911C646-504F-4347-B3C4-7CAA352891D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.81.13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8196D7D1-C25C-4506-9A77-0BD547164450\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F5CE606-E5CE-475A-8334-48017B2EF899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABB71F54-4B83-454E-A7BF-9A52B216FBB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8F01FF0-F862-4823-B7EC-4138A69047B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD8700D-3EE2-4BA9-8C99-D871F98B26A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F73A0D7-2AA2-4F18-BB68-4B39DE951FAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4DC8A9E-2C1D-404B-BBF6-E5CE7A5204D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADC6A6AA-C090-4816-8AA3-A95C036FC203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE0CFE0-6F72-4C6E-B55C-A5931D2C4142\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.82.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E22A4E5-3CB2-49DB-BD12-764D00A6C379\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CCECD13-39EE-4AB4-AC40-3963FD8B80B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"910B4E1F-1746-4902-BF42-1FCC2CA7E89D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DF85285-18BE-48D4-9A79-5999424DA5A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11743C71-8DEC-41F1-9E9F-A1C0323EF4C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"541975D2-A4B9-44ED-AE37-FE525E5C2A94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCB55949-1DF4-4A4E-88B8-FBF78744D8A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:canonical:ubuntu_software_properties:0.92.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C77BCD4-680F-4D6D-9B4B-523BBFC68930\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/55736\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1588-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/78990\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/55736\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1588-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/78990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…