CVE-2011-3374
Published: 26 November 2019
It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.
Priority
CVSS 3 base score: 3.7
Notes
Author | Note |
---|---|
sbeattie | Ubuntu specific, debian does not enable net-update. After CVE-2012-0954, net-update was disabled permanently in apt 0.9.6ubuntu3 |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3374
- http://seclists.org/fulldisclosure/2011/Sep/221
- NVD
- Launchpad
- Debian