apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Debian
  • Advanced Package Tool
  • Apt

Configuration 1 [-]

OR cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.17:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.19:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:0.7.21:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.13-bo1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.15-0.1bo:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.15-0.2bo:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.16-1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.0.17-1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.1.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.1.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.1.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.17:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.3.19:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.5.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.17:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.19:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.20:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.21:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.22:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.23:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.24:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.25:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.26:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.27:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.28:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.29:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.30:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.30:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.30:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.31:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.5.32:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.17:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.19:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.20:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.21:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.22:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.23:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.24:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.25:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.27:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.27:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.27:ubuntu2:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.27:ubuntu3:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.27:ubuntu4:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.28:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.29:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.30:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.31:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.32:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.33:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.34:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.35:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.36:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.36:ubuntu1:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.37:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.38:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.39:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.40:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.40.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.41:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.42:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.42.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.42.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.42.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.43:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.43.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.43.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.43.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.44:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.44.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.44.1-0.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.44.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.44.2:exp1:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.45:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.46:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.46.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.46.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.46.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.46.3-0.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.46.3-0.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.6.46.4-0.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.7.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.7.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.7.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.7.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:apt:0.7.9:*:*:*:*:*:*:*
References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
http://secunia.com/advisories/34829
http://secunia.com/advisories/34832
http://secunia.com/advisories/34874
http://www.debian.org/security/2009/dsa-1779
http://www.securityfocus.com/bid/34630
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012
https://exchange.xforce.ibmcloud.com/vulnerabilities/50086
https://usn.ubuntu.com/762-1/
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-04-21T23:00:00

Updated: 2018-10-03T20:57:01

Reserved: 2009-04-21T00:00:00

Link: CVE-2009-1358

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-04-21T23:30:00.217

Modified: 2020-01-08T15:11:46.297

Link: CVE-2009-1358

JSON object: View

cve-icon Redhat Information

No data.

CWE