Vulnerability Details CVE-2009-1358
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.1%
CVSS Severity
CVSS v2 Score 10.0
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
- http://secunia.com/advisories/34829
- http://secunia.com/advisories/34832
- http://secunia.com/advisories/34874
- http://www.debian.org/security/2009/dsa-1779
- http://www.securityfocus.com/bid/34630
- https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50086
- https://usn.ubuntu.com/762-1/
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
- http://secunia.com/advisories/34829
- http://secunia.com/advisories/34832
- http://secunia.com/advisories/34874
- http://www.debian.org/security/2009/dsa-1779
- http://www.securityfocus.com/bid/34630
- https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50086
- https://usn.ubuntu.com/762-1/
Products affected by CVE-2009-1358
-
cpe:2.3:a:debian:advanced_package_tool:0.7.0
-
cpe:2.3:a:debian:advanced_package_tool:0.7.1
-
cpe:2.3:a:debian:advanced_package_tool:0.7.10
-
cpe:2.3:a:debian:advanced_package_tool:0.7.11
-
cpe:2.3:a:debian:advanced_package_tool:0.7.12
-
cpe:2.3:a:debian:advanced_package_tool:0.7.13
-
cpe:2.3:a:debian:advanced_package_tool:0.7.14
-
cpe:2.3:a:debian:advanced_package_tool:0.7.15
-
cpe:2.3:a:debian:advanced_package_tool:0.7.16
-
cpe:2.3:a:debian:advanced_package_tool:0.7.17
-
cpe:2.3:a:debian:advanced_package_tool:0.7.18
-
cpe:2.3:a:debian:advanced_package_tool:0.7.19
-
cpe:2.3:a:debian:advanced_package_tool:0.7.2
-
cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1
-
cpe:2.3:a:debian:advanced_package_tool:0.7.20
-
cpe:2.3:a:debian:advanced_package_tool:0.7.20.1
-
cpe:2.3:a:debian:advanced_package_tool:0.7.20.2
-
cpe:2.3:a:debian:advanced_package_tool:0.7.21
-
cpe:2.3:a:debian:apt:0.0.1
-
cpe:2.3:a:debian:apt:0.0.10
-
cpe:2.3:a:debian:apt:0.0.11
-
cpe:2.3:a:debian:apt:0.0.12
-
cpe:2.3:a:debian:apt:0.0.13
-
cpe:2.3:a:debian:apt:0.0.13-bo1
-
cpe:2.3:a:debian:apt:0.0.14
-
cpe:2.3:a:debian:apt:0.0.15
-
cpe:2.3:a:debian:apt:0.0.15-0.1bo
-
cpe:2.3:a:debian:apt:0.0.15-0.2bo
-
cpe:2.3:a:debian:apt:0.0.16-1
-
cpe:2.3:a:debian:apt:0.0.17-1
-
cpe:2.3:a:debian:apt:0.0.2
-
cpe:2.3:a:debian:apt:0.0.3
-
cpe:2.3:a:debian:apt:0.0.4
-
cpe:2.3:a:debian:apt:0.0.5
-
cpe:2.3:a:debian:apt:0.0.6
-
cpe:2.3:a:debian:apt:0.0.7
-
cpe:2.3:a:debian:apt:0.0.8
-
cpe:2.3:a:debian:apt:0.0.9
-
cpe:2.3:a:debian:apt:0.1
-
cpe:2.3:a:debian:apt:0.1.1
-
cpe:2.3:a:debian:apt:0.1.3
-
cpe:2.3:a:debian:apt:0.1.5
-
cpe:2.3:a:debian:apt:0.1.6
-
cpe:2.3:a:debian:apt:0.1.7
-
cpe:2.3:a:debian:apt:0.1.9
-
cpe:2.3:a:debian:apt:0.3.0
-
cpe:2.3:a:debian:apt:0.3.1
-
cpe:2.3:a:debian:apt:0.3.11
-
cpe:2.3:a:debian:apt:0.3.12
-
cpe:2.3:a:debian:apt:0.3.13
-
cpe:2.3:a:debian:apt:0.3.14
-
cpe:2.3:a:debian:apt:0.3.15
-
cpe:2.3:a:debian:apt:0.3.16
-
cpe:2.3:a:debian:apt:0.3.17
-
cpe:2.3:a:debian:apt:0.3.18
-
cpe:2.3:a:debian:apt:0.3.19
-
cpe:2.3:a:debian:apt:0.3.2
-
cpe:2.3:a:debian:apt:0.3.3
-
cpe:2.3:a:debian:apt:0.3.4
-
cpe:2.3:a:debian:apt:0.3.6
-
cpe:2.3:a:debian:apt:0.3.7
-
cpe:2.3:a:debian:apt:0.3.9
-
cpe:2.3:a:debian:apt:0.5.0
-
cpe:2.3:a:debian:apt:0.5.1
-
cpe:2.3:a:debian:apt:0.5.10
-
cpe:2.3:a:debian:apt:0.5.11
-
cpe:2.3:a:debian:apt:0.5.12
-
cpe:2.3:a:debian:apt:0.5.13
-
cpe:2.3:a:debian:apt:0.5.14
-
cpe:2.3:a:debian:apt:0.5.15
-
cpe:2.3:a:debian:apt:0.5.16
-
cpe:2.3:a:debian:apt:0.5.17
-
cpe:2.3:a:debian:apt:0.5.18
-
cpe:2.3:a:debian:apt:0.5.19
-
cpe:2.3:a:debian:apt:0.5.2
-
cpe:2.3:a:debian:apt:0.5.20
-
cpe:2.3:a:debian:apt:0.5.21
-
cpe:2.3:a:debian:apt:0.5.22
-
cpe:2.3:a:debian:apt:0.5.23
-
cpe:2.3:a:debian:apt:0.5.24
-
cpe:2.3:a:debian:apt:0.5.25
-
cpe:2.3:a:debian:apt:0.5.26
-
cpe:2.3:a:debian:apt:0.5.27
-
cpe:2.3:a:debian:apt:0.5.28
-
cpe:2.3:a:debian:apt:0.5.29
-
cpe:2.3:a:debian:apt:0.5.3
-
cpe:2.3:a:debian:apt:0.5.30
-
cpe:2.3:a:debian:apt:0.5.31
-
cpe:2.3:a:debian:apt:0.5.32
-
cpe:2.3:a:debian:apt:0.5.4
-
cpe:2.3:a:debian:apt:0.5.5
-
cpe:2.3:a:debian:apt:0.5.5.1
-
cpe:2.3:a:debian:apt:0.5.6
-
cpe:2.3:a:debian:apt:0.5.7
-
cpe:2.3:a:debian:apt:0.5.8
-
cpe:2.3:a:debian:apt:0.5.9
-
cpe:2.3:a:debian:apt:0.6.0
-
cpe:2.3:a:debian:apt:0.6.1
-
cpe:2.3:a:debian:apt:0.6.10
-
cpe:2.3:a:debian:apt:0.6.11
-
cpe:2.3:a:debian:apt:0.6.12
-
cpe:2.3:a:debian:apt:0.6.13
-
cpe:2.3:a:debian:apt:0.6.14
-
cpe:2.3:a:debian:apt:0.6.15
-
cpe:2.3:a:debian:apt:0.6.16
-
cpe:2.3:a:debian:apt:0.6.17
-
cpe:2.3:a:debian:apt:0.6.18
-
cpe:2.3:a:debian:apt:0.6.19
-
cpe:2.3:a:debian:apt:0.6.2
-
cpe:2.3:a:debian:apt:0.6.20
-
cpe:2.3:a:debian:apt:0.6.21
-
cpe:2.3:a:debian:apt:0.6.22
-
cpe:2.3:a:debian:apt:0.6.23
-
cpe:2.3:a:debian:apt:0.6.24
-
cpe:2.3:a:debian:apt:0.6.25
-
cpe:2.3:a:debian:apt:0.6.27
-
cpe:2.3:a:debian:apt:0.6.28
-
cpe:2.3:a:debian:apt:0.6.29
-
cpe:2.3:a:debian:apt:0.6.3
-
cpe:2.3:a:debian:apt:0.6.30
-
cpe:2.3:a:debian:apt:0.6.31
-
cpe:2.3:a:debian:apt:0.6.32
-
cpe:2.3:a:debian:apt:0.6.33
-
cpe:2.3:a:debian:apt:0.6.34
-
cpe:2.3:a:debian:apt:0.6.35
-
cpe:2.3:a:debian:apt:0.6.36
-
cpe:2.3:a:debian:apt:0.6.37
-
cpe:2.3:a:debian:apt:0.6.38
-
cpe:2.3:a:debian:apt:0.6.39
-
cpe:2.3:a:debian:apt:0.6.4
-
cpe:2.3:a:debian:apt:0.6.40
-
cpe:2.3:a:debian:apt:0.6.40.1
-
cpe:2.3:a:debian:apt:0.6.41
-
cpe:2.3:a:debian:apt:0.6.42
-
cpe:2.3:a:debian:apt:0.6.42.1
-
cpe:2.3:a:debian:apt:0.6.42.2
-
cpe:2.3:a:debian:apt:0.6.42.3
-
cpe:2.3:a:debian:apt:0.6.43
-
cpe:2.3:a:debian:apt:0.6.43.1
-
cpe:2.3:a:debian:apt:0.6.43.2
-
cpe:2.3:a:debian:apt:0.6.43.3
-
cpe:2.3:a:debian:apt:0.6.44
-
cpe:2.3:a:debian:apt:0.6.44.1
-
cpe:2.3:a:debian:apt:0.6.44.1-0.1
-
cpe:2.3:a:debian:apt:0.6.44.2
-
cpe:2.3:a:debian:apt:0.6.45
-
cpe:2.3:a:debian:apt:0.6.46
-
cpe:2.3:a:debian:apt:0.6.46.1
-
cpe:2.3:a:debian:apt:0.6.46.2
-
cpe:2.3:a:debian:apt:0.6.46.3
-
cpe:2.3:a:debian:apt:0.6.46.3-0.1
-
cpe:2.3:a:debian:apt:0.6.46.3-0.2
-
cpe:2.3:a:debian:apt:0.6.46.4-0.1
-
cpe:2.3:a:debian:apt:0.6.5
-
cpe:2.3:a:debian:apt:0.6.6
-
cpe:2.3:a:debian:apt:0.6.7
-
cpe:2.3:a:debian:apt:0.6.8
-
cpe:2.3:a:debian:apt:0.6.9
-
cpe:2.3:a:debian:apt:0.7.3
-
cpe:2.3:a:debian:apt:0.7.4
-
cpe:2.3:a:debian:apt:0.7.5
-
cpe:2.3:a:debian:apt:0.7.6
-
cpe:2.3:a:debian:apt:0.7.7
-
cpe:2.3:a:debian:apt:0.7.8
-
cpe:2.3:a:debian:apt:0.7.9