Vulnerability Details : CVE-2009-1358
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
Products affected by CVE-2009-1358
- cpe:2.3:a:debian:apt:0.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.46.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.46:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.45:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.43.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.43.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.40.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.40:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.33:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.32:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.27:ubuntu2:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.27:ubuntu1:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.30:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.29:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.22:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.15-0.2bo:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.15-0.1bo:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.46.4-0.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.44.2:exp1:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.44.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.43:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.42.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.39:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.38:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.31:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.30:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.27:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.25:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.28:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.46.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.46.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.44:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.43.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.42:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.41:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.36:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.35:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.34:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.27:ubuntu4:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.27:ubuntu3:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.22:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.30:ubuntu2:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.30:ubuntu1:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.24:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.23:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.17-1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.16-1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.46.3-0.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.46.3-0.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.44.1-0.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.44.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.42.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.42.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.37:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.36:ubuntu1:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.29:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.28:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.24:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.23:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.32:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.31:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.27:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.26:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.25:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.13-bo1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:apt:0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp2:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp1:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.15:exp3:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.20.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp2:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp1:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.2-0.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp4:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.17:exp3:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:advanced_package_tool:0.7.12:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1358
2.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1358
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2009-1358
-
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
#433091 - ignores expiry of archive keys - Debian Bug report logs
-
https://usn.ubuntu.com/762-1/
404: Page not found | Ubuntu
-
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012
Bug #356012 “APT does not properly handle expired or revoked key...” : Bugs : apt package : Ubuntu
-
http://www.debian.org/security/2009/dsa-1779
[SECURITY] [DSA 1779-1] New apt packages fix several vulnerabilities
-
http://www.securityfocus.com/bid/34630
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/50086
apt apt-get gpgv security bypass CVE-2009-1358 Vulnerability Report
Jump to