Vulnerability CVE-2016-1252


Published: 2017-12-05

Description:
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.

See advisories in our WLB2 database:
Topic: APT Repository Signing Bypass via Memory Allocation Failure (Med.)
Author: Google Security ...
Date: 15.12.2016

Type: CWE-417 (Channel and Path Errors)

Vendor: Debian
Product: APT 
Version:
1.3.2
1.3.1
1.2_exp1
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.25
1.2.24
1.2.23
1.2.22
1.2.21
1.2.20
1.2.2
1.2.19
1.2.18
1.2.17
1.2.16
1.2.15
1.2.14
1.2.13
1.2.12
1.2.11
1.2.10
1.2.1
1.1_exp16
1.1_exp15
1.1_exp14
1.1.exp9
1.1.exp8
1.1.exp7
1.1.exp6
1.1.exp5
1.1.exp4
1.1.exp3
1.1.exp2
1.1.exp13
1.1.exp12
1.1.exp11
1.1.exp10
1.1.exp1
1.1.9
1.1.8
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.10
1.1.1
1.0.9.9ubuntu1
1.0.9.9
1.0.9.8.4
1.0.9.8.3
1.0.9.8.2
1.0.9.8.1
1.0.9.8
1.0.9.7ubuntu5
1.0.9.7ubuntu4
1.0.9.7ubuntu3
1.0.9.7ubuntu2
1.0.9.7ubuntu1
1.0.9.7
1.0.9.6
1.0.9.5
1.0.9.4
1.0.9.3ubuntu1
1.0.9.3
1.0.9.2ubuntu2
1.0.9.2ubuntu1
1.0.9.2
1.0.9.10ubuntu7
1.0.9.10ubuntu5
1.0.9.10ubuntu1
1.0.9.10
1.0.9.1
1.0.8ubuntu1
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4ubuntu4
1.0.4ubuntu3
1.0.4ubuntu2
1.0.4ubuntu1
1.0.4
1.0.3
1.0.2ubuntu1
1.0.2
1.0.1ubuntu2.2
1.0.1ubuntu2.1
1.0.1ubuntu2
1.0.1ubuntu1
1.0.10.2ubuntu1
1.0.10.2
1.0.10.1
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

References:
http://packetstormsecurity.com/files/140145/apt-Repository-Signing-Bypass.html
http://www.ubuntu.com/usn/USN-3156-1
https://bugs.chromium.org/p/project-zero/issues/detail?id=1020
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467
https://www.debian.org/security/2016/dsa-3733
https://www.exploit-db.com/exploits/40916/


Copyright 2019, cxsecurity.com

 
