CVE-2012-5356

Ubuntu Software Properties - Arbitrary Package Repository GPG Key Installation via MITM Attack

Title source: llm
STIX 2.1

Description

The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly check PPA GPG keys imported from a keyserver, which allows remote attackers to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.

References (4)

Core 4
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1588-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/55736
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/78990

Scores

EPSS 0.0197
EPSS Percentile 78.0%

Details

CWE
CWE-20
Status published
Products (50)
canonical/ubuntu_software_properties 0.75.4
canonical/ubuntu_software_properties 0.75.5
canonical/ubuntu_software_properties 0.75.6
canonical/ubuntu_software_properties 0.75.7
canonical/ubuntu_software_properties 0.75.8
canonical/ubuntu_software_properties 0.75.9
canonical/ubuntu_software_properties 0.75.10
canonical/ubuntu_software_properties 0.75.10.1
canonical/ubuntu_software_properties 0.75.10.2
canonical/ubuntu_software_properties 0.80
... and 40 more
Published Oct 10, 2012
Tracked Since Feb 18, 2026