{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-06-19T20:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20120612 Strange gpg key shadowing", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2012/Jun/267"}, {"name": "USN-1477-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1477-1"}, {"name": "USN-1475-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1475-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3587", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20120612 Strange gpg key shadowing", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2012/Jun/267"}, {"name": "USN-1477-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1477-1"}, {"name": "USN-1475-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1475-1"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:13:50.755Z"}, "title": "CVE Program Container", "references": [{"name": "20120612 Strange gpg key shadowing", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2012/Jun/267"}, {"name": "USN-1477-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1477-1"}, {"name": "USN-1475-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1475-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-3587", "datePublished": "2012-06-19T20:00:00.000Z", "dateReserved": "2012-06-19T00:00:00.000Z", "dateUpdated": "2024-09-16T22:30:53.425Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2372DE68-69A3-44B6-A42E-1C8EA272FAC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1F846A10-711A-42A1-A71A-FB11D4B511F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "3E070DA8-E764-4C1B-BCDB-F15597ABE7AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCEE6BF2-3B33-41F7-84C4-626D1559FB24", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "1BDAAE90-9BD4-4160-89D3-162561CB30BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*", "matchCriteriaId": "CBC7B0DD-F983-41DC-BB78-52FB53C044DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*", "matchCriteriaId": "B832BF3E-A081-4708-8D54-C5BC827965E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*", "matchCriteriaId": "31586872-C049-4125-B82A-FEA8B06FDF7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*", "matchCriteriaId": "2F377D69-4C1D-4D1A-96D9-B7724756CA3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*", "matchCriteriaId": "71851F90-85E4-4250-B9FB-320A33B04B58", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:*", "matchCriteriaId": "C6356166-F4D5-4B50-94AE-7A25803FFF38", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:*", "matchCriteriaId": "0D7D88AF-16B4-4C3F-AF7D-8773CB08BA01", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:*", "matchCriteriaId": "5F293909-BFDB-49A2-AF03-6ADACE195204", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:*", "matchCriteriaId": "E138D3A7-F289-4491-A24D-4DF2F179EAAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:*:*:*:*:*:*:*", "matchCriteriaId": "19ED89FC-F907-4126-B969-625887306487", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1:*:*:*:*:*:*", "matchCriteriaId": "0F467E33-20AC-401C-AF1F-8F4BC0CB0C37", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:*:*:*:*:*:*", "matchCriteriaId": "595406A6-DFD2-4E26-82C8-745E0AC0D6B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:*:*:*:*:*:*", "matchCriteriaId": "4ED3DB0F-E9BF-4E23-8057-AACA17475C66", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:*:*:*:*:*:*", "matchCriteriaId": "39A7A479-6225-43EA-B010-46EF4BC77E10", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.18:*:*:*:*:*:*:*", "matchCriteriaId": "9EC4CC2E-7E68-4360-8360-B0463D9B6B79", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.19:*:*:*:*:*:*:*", "matchCriteriaId": "BF988A0E-A630-40DD-9387-2C1610D2F932", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20:*:*:*:*:*:*:*", "matchCriteriaId": "63E05BE6-9BDF-441E-873E-A4D965B3494F", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBE7EC9A-2E4D-4A60-AC88-F390F5B3432A", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "A2257DAB-0A44-4841-9EF9-CBBF9BB68F40", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.21:*:*:*:*:*:*:*", "matchCriteriaId": "47EDE750-C502-4B25-829D-D0C0F2653C19", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22:*:*:*:*:*:*:*", "matchCriteriaId": "189E20DE-EEFB-488A-B741-4BC80CF553B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "96D80D63-6971-4CC7-A9A8-D9D05767F60A", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "1186DDDE-FCF4-45B8-A7EA-2DAE8DA3F010", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.23:*:*:*:*:*:*:*", "matchCriteriaId": "58F88656-5BF9-4D51-9C37-26E9685484F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "9AB74135-2BB7-42F7-99CB-AFF0B811B66A", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.7.24:*:*:*:*:*:*:*", "matchCriteriaId": "1B025168-8319-45C2-82BC-97EBD5EE563E", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "58F0D8BF-F9D3-40D0-AD71-9978F2A1FD29", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre1:*:*:*:*:*:*", "matchCriteriaId": "E82F9BF7-D4DD-4CF5-BE57-4772B7DDD5D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.0:pre2:*:*:*:*:*:*", "matchCriteriaId": "7F4BC141-EEEB-4D0B-A3D4-24929855B685", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "6CA54D7A-9296-4530-8215-6EB708DDE2B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "04F345BE-745C-418D-BF0F-B7A5F1E3A5B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "46799DD7-E46E-4EB2-AF13-852407384A5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "C417AF8F-D12C-4759-B99D-C60E139B9946", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "225275E2-3E9E-48FE-A2FF-9FE37A67E550", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "3EA2183D-7D9E-4841-A1C9-B843AF3A03F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EAB3B8A-BDFA-4EDD-9A6D-F3CDE4977EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "7A629D58-017D-4F27-B286-42094C727822", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "9817661D-CACE-4D81-9432-2CDE5A51F4DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1A65066-5A1A-4091-9219-6060A662653D", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAFCA592-F57F-4C12-A1F7-496BDFB2A4A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "9793E4BB-5969-45DB-B9F6-29CB9C98D559", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "7427F24E-D3CB-498E-8695-9FC40546CFA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "70A8FE33-63BC-4145-A6CA-90A61CB81AC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "08C018A3-012C-4790-9D09-36661549A6E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "406C6D95-53B7-4950-83C5-4C27E755F24A", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0E56161-E80F-4EC4-9D1C-0FBCA672EEFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "64C1D283-9326-4A6E-9529-BA8D26A36CE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp1:*:*:*:*:*:*", "matchCriteriaId": "1784FE65-DAE2-4E97-96A3-9A1835040245", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp2:*:*:*:*:*:*", "matchCriteriaId": "6368BAB5-D44D-42B3-B5F7-E343E1101CDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15:exp3:*:*:*:*:*:*", "matchCriteriaId": "F2D3D5D9-97D1-44C6-B3BE-C9CFC1451FD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F5C252C-76F7-492F-AFFB-3BE2A63EE22E", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "233F5902-0AF1-4417-8C97-34C9B64C09AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "5D613D7E-4456-4F47-9F13-F5D746F8715B", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "6DBD6821-E6C3-4F76-89C9-19478D8EB13A", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "2E7D4F82-45B9-4FC9-85C5-3F5E3966A243", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:advanced_package_tool:0.8.15.10:*:*:*:*:*:*:*", "matchCriteriaId": "475F9461-71F5-4E01-9399-E0413390A423", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack."}, {"lang": "es", "value": "APT v0.7.x antes de v0.7.25 y v0.8.x antes de v0.8.16, cuando se utiliza el apt-key net-update para importar archivos de claves, se basa en el orden de los argumentos GnuPG y no verifica subclaves GPG, lo que podr\u00eda permitir a atacantes remotos instalar paquetes de caballos de troya a trav\u00e9s de un ataque man-in-the-middle (MITM)."}], "id": "CVE-2012-3587", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-19T20:55:08.007", "references": [{"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2012/Jun/267"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1475-1"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1477-1"}, {"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2012/Jun/267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1475-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1477-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}