CVE-2012-5356
Ubuntu Software Properties - Arbitrary Package Repository GPG Key Installation via MITM Attack
Title source: llmDescription
The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1588-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/55736
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78990
Issue Tracking x_refsource_misc
https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1016643
Scores
EPSS
0.0197
EPSS Percentile
78.0%
Details
CWE
CWE-20
Status
published
Products (50)
canonical/ubuntu_software_properties
0.75.4
canonical/ubuntu_software_properties
0.75.5
canonical/ubuntu_software_properties
0.75.6
canonical/ubuntu_software_properties
0.75.7
canonical/ubuntu_software_properties
0.75.8
canonical/ubuntu_software_properties
0.75.9
canonical/ubuntu_software_properties
0.75.10
canonical/ubuntu_software_properties
0.75.10.1
canonical/ubuntu_software_properties
0.75.10.2
canonical/ubuntu_software_properties
0.80
... and 40 more
Published
Oct 10, 2012
Tracked Since
Feb 18, 2026