Vulnerability CVE-2016-1252


Published: 2017-12-05

Description:
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
APT Repository Signing Bypass via Memory Allocation Failure
Google Security ...
15.12.2016

Type:

CWE-417

(Channel and Path Errors)

Vendor: Debian
Product: APT 
Version:
1.3.2
1.3.1
1.2_exp1
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.25
1.2.24
1.2.23
1.2.22
1.2.21
1.2.20
1.2.2
1.2.19
1.2.18
1.2.17
1.2.16
1.2.15
1.2.14
1.2.13
1.2.12
1.2.11
1.2.10
1.2.1
1.1_exp16
1.1_exp15
1.1_exp14
1.1.exp9
1.1.exp8
1.1.exp7
1.1.exp6
1.1.exp5
1.1.exp4
1.1.exp3
1.1.exp2
1.1.exp13
1.1.exp12
1.1.exp11
1.1.exp10
1.1.exp1
1.1.9
1.1.8
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.10
1.1.1
1.0.9.9ubuntu1
1.0.9.9
1.0.9.8.4
1.0.9.8.3
1.0.9.8.2
1.0.9.8.1
1.0.9.8
1.0.9.7ubuntu5
1.0.9.7ubuntu4
1.0.9.7ubuntu3
1.0.9.7ubuntu2
1.0.9.7ubuntu1
1.0.9.7
1.0.9.6
1.0.9.5
1.0.9.4
1.0.9.3ubuntu1
1.0.9.3
1.0.9.2ubuntu2
1.0.9.2ubuntu1
1.0.9.2
1.0.9.10ubuntu7
1.0.9.10ubuntu5
1.0.9.10ubuntu1
1.0.9.10
1.0.9.1
1.0.8ubuntu1
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4ubuntu4
1.0.4ubuntu3
1.0.4ubuntu2
1.0.4ubuntu1
1.0.4
1.0.3
1.0.2ubuntu1
1.0.2
1.0.1ubuntu2.2
1.0.1ubuntu2.1
1.0.1ubuntu2
1.0.1ubuntu1
1.0.10.2ubuntu1
1.0.10.2
1.0.10.1
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html
http://www.ubuntu.com/usn/USN-3156-1
https://bugs.chromium.org/p/project-zero/issues/detail?id=1020
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467
https://www.debian.org/security/2016/dsa-3733
https://www.exploit-db.com/exploits/40916/

Related CVE
CVE-2019-15846
Exim before 4.92.2 allows remote attackers to execute arbitrary code as root via a trailing backslash.
CVE-2019-15892
An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a...
CVE-2019-10197
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared ...
CVE-2015-9383
FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.
CVE-2015-9382
FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation.
CVE-2015-9381
FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c.
CVE-2019-14970
A vulnerability in mkv::event_thread_t in VideoLAN VLC media player 3.0.7.1 allows remote attackers to trigger a heap-based buffer overflow via a crafted .mkv file.
CVE-2019-14778
The mkv::virtual_segment_c::seek method of demux/mkv/virtual_segment.cpp in VideoLAN VLC media player 3.0.7.1 has a use-after-free.

Copyright 2019, cxsecurity.com

 

Back to Top