CVE-2009-1358
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/04/2009
Last modified:
09/04/2025
Description
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
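The failure class described above, as an added example that is not apt's code and is not taken from this advisory: a verifier that only looks for a few known-bad results accepts signatures from expired or revoked keys, while an allow-list check rejects them. It assumes the verifier's results are read as GnuPG status lines (the `[GNUPG:]` lines written with `--status-fd`); the function names, the sample streams and the "every signature must be good" policy are assumptions of this example.

```python
# Added example: classify gpgv status lines with an allow-list instead of a deny-list.
PREFIX = "[GNUPG:] "
ACCEPT = {"GOODSIG"}
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

# Constructed status streams; the key ID and user ID are made up.
KEY = "0123456789ABCDEF Example Archive Key"
GOOD = f"[GNUPG:] SIG_ID constructed 2009-04-21 1240272000\n[GNUPG:] GOODSIG {KEY}\n"
EXPIRED = f"[GNUPG:] KEYEXPIRED 1230768000\n[GNUPG:] EXPKEYSIG {KEY}\n"
REVOKED = f"[GNUPG:] REVKEYSIG {KEY}\n"


def classify(status_text):
    """Return (good_key_ids, [(token, key_id), ...]) from status output."""
    good, rejected = [], []
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue  # not a machine-readable status line
        fields = line[len(PREFIX):].split()
        if len(fields) < 2:
            continue
        token, key_id = fields[0], fields[1]
        if token in ACCEPT:
            good.append(key_id)
        elif token in REJECT:
            rejected.append((token, key_id))
    return good, rejected


def naive_is_trusted(status_text):
    """Deny-list check (hypothetical): valid unless a known-bad token shows up."""
    _, rejected = classify(status_text)
    return not any(tok in ("BADSIG", "NO_PUBKEY") for tok, _ in rejected)


def strict_is_trusted(status_text, exit_code=0):
    """Allow-list check: clean exit, at least one GOODSIG, nothing rejected."""
    good, rejected = classify(status_text)
    return exit_code == 0 and bool(good) and not rejected


if __name__ == "__main__":
    for name, stream in [("good", GOOD), ("expired", EXPIRED),
                         ("revoked", REVOKED), ("empty", "")]:
        print(name, naive_is_trusted(stream), strict_is_trusted(stream))
```

The empty stream is the case to watch: a deny-list check passes it because nothing bad was reported, while the allow-list check fails it because nothing good was.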
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:* | 0.7.20 (including) | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:* | | |
| cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
- http://secunia.com/advisories/34829
- http://secunia.com/advisories/34832
- http://secunia.com/advisories/34874
- http://www.debian.org/security/2009/dsa-1779
- http://www.securityfocus.com/bid/34630
- https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50086
- https://usn.ubuntu.com/762-1/



