CVE-2009-1358

Description

apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.

Affected products

• Debian / advanced_package_tool0.7.20
• Debian / advanced_package_tool0.7.0 – 0.7.0
• Debian / advanced_package_tool0.7.1 – 0.7.1
• Debian / advanced_package_tool0.7.2 – 0.7.2
• Debian / advanced_package_tool0.7.2-0.1 – 0.7.2-0.1
• Debian / advanced_package_tool0.7.10 – 0.7.10
• Debian / advanced_package_tool0.7.11 – 0.7.11
• Debian / advanced_package_tool0.7.12 – 0.7.12
• Debian / advanced_package_tool0.7.13 – 0.7.13
• Debian / advanced_package_tool0.7.14 – 0.7.14
• Debian / advanced_package_tool0.7.15 – 0.7.15
• Debian / advanced_package_tool0.7.15 – 0.7.15
• Debian / advanced_package_tool0.7.15 – 0.7.15
• Debian / advanced_package_tool0.7.15 – 0.7.15
• Debian / advanced_package_tool0.7.16 – 0.7.16
• Debian / advanced_package_tool0.7.17 – 0.7.17
• Debian / advanced_package_tool0.7.17 – 0.7.17
• Debian / advanced_package_tool0.7.17 – 0.7.17
• Debian / advanced_package_tool0.7.17 – 0.7.17
• Debian / advanced_package_tool0.7.17 – 0.7.17
• Debian / advanced_package_tool0.7.18 – 0.7.18
• Debian / advanced_package_tool0.7.19 – 0.7.19
• Debian / advanced_package_tool0.7.20.1 – 0.7.20.1
• Debian / advanced_package_tool0.7.20.2 – 0.7.20.2
• Debian / advanced_package_tool0.7.21 – 0.7.21
• Debian / apt0.0.1 – 0.0.1
• Debian / apt0.0.2 – 0.0.2
• Debian / apt0.0.3 – 0.0.3
• Debian / apt0.0.4 – 0.0.4
• Debian / apt0.0.5 – 0.0.5
• Debian / apt0.0.6 – 0.0.6
• Debian / apt0.0.7 – 0.0.7
• Debian / apt0.0.8 – 0.0.8
• Debian / apt0.0.9 – 0.0.9
• Debian / apt0.0.10 – 0.0.10
• Debian / apt0.0.11 – 0.0.11
• Debian / apt0.0.12 – 0.0.12
• Debian / apt0.0.13 – 0.0.13
• Debian / apt0.0.13-bo1 – 0.0.13-bo1
• Debian / apt0.0.14 – 0.0.14
• Debian / apt0.0.15 – 0.0.15
• Debian / apt0.0.15-0.1bo – 0.0.15-0.1bo
• Debian / apt0.0.15-0.2bo – 0.0.15-0.2bo
• Debian / apt0.0.16-1 – 0.0.16-1
• Debian / apt0.0.17-1 – 0.0.17-1
• Debian / apt0.1 – 0.1
• Debian / apt0.1.1 – 0.1.1
• Debian / apt0.1.3 – 0.1.3
• Debian / apt0.1.5 – 0.1.5
• Debian / apt0.1.6 – 0.1.6
• Debian / apt0.1.7 – 0.1.7
• Debian / apt0.1.9 – 0.1.9
• Debian / apt0.3.0 – 0.3.0
• Debian / apt0.3.1 – 0.3.1
• Debian / apt0.3.2 – 0.3.2
• Debian / apt0.3.3 – 0.3.3
• Debian / apt0.3.4 – 0.3.4
• Debian / apt0.3.6 – 0.3.6
• Debian / apt0.3.7 – 0.3.7
• Debian / apt0.3.9 – 0.3.9
• Debian / apt0.3.11 – 0.3.11
• Debian / apt0.3.12 – 0.3.12
• Debian / apt0.3.13 – 0.3.13
• Debian / apt0.3.14 – 0.3.14
• Debian / apt0.3.15 – 0.3.15
• Debian / apt0.3.16 – 0.3.16
• Debian / apt0.3.17 – 0.3.17
• Debian / apt0.3.18 – 0.3.18
• Debian / apt0.3.19 – 0.3.19
• Debian / apt0.5.0 – 0.5.0
• Debian / apt0.5.1 – 0.5.1
• Debian / apt0.5.2 – 0.5.2
• Debian / apt0.5.3 – 0.5.3
• Debian / apt0.5.4 – 0.5.4
• Debian / apt0.5.5 – 0.5.5
• Debian / apt0.5.5.1 – 0.5.5.1
• Debian / apt0.5.6 – 0.5.6
• Debian / apt0.5.7 – 0.5.7
• Debian / apt0.5.8 – 0.5.8
• Debian / apt0.5.9 – 0.5.9
• Debian / apt0.5.10 – 0.5.10
• Debian / apt0.5.11 – 0.5.11
• Debian / apt0.5.12 – 0.5.12
• Debian / apt0.5.13 – 0.5.13
• Debian / apt0.5.14 – 0.5.14
• Debian / apt0.5.15 – 0.5.15
• Debian / apt0.5.16 – 0.5.16
• Debian / apt0.5.17 – 0.5.17
• Debian / apt0.5.18 – 0.5.18
• Debian / apt0.5.19 – 0.5.19
• Debian / apt0.5.20 – 0.5.20
• Debian / apt0.5.21 – 0.5.21
• Debian / apt0.5.22 – 0.5.22
• Debian / apt0.5.23 – 0.5.23
• Debian / apt0.5.24 – 0.5.24
• Debian / apt0.5.25 – 0.5.25
• Debian / apt0.5.26 – 0.5.26
• Debian / apt0.5.27 – 0.5.27
• Debian / apt0.5.28 – 0.5.28
• Debian / apt0.5.29 – 0.5.29
• Debian / apt0.5.30 – 0.5.30
• Debian / apt0.5.30 – 0.5.30
• Debian / apt0.5.30 – 0.5.30
• Debian / apt0.5.31 – 0.5.31
• Debian / apt0.5.32 – 0.5.32
• Debian / apt0.6.0 – 0.6.0
• Debian / apt0.6.1 – 0.6.1
• Debian / apt0.6.2 – 0.6.2
• Debian / apt0.6.3 – 0.6.3
• Debian / apt0.6.4 – 0.6.4
• Debian / apt0.6.5 – 0.6.5
• Debian / apt0.6.6 – 0.6.6
• Debian / apt0.6.7 – 0.6.7
• Debian / apt0.6.8 – 0.6.8
• Debian / apt0.6.9 – 0.6.9
• Debian / apt0.6.10 – 0.6.10
• Debian / apt0.6.11 – 0.6.11
• Debian / apt0.6.12 – 0.6.12
• Debian / apt0.6.13 – 0.6.13
• Debian / apt0.6.14 – 0.6.14
• Debian / apt0.6.15 – 0.6.15
• Debian / apt0.6.16 – 0.6.16
• Debian / apt0.6.17 – 0.6.17
• Debian / apt0.6.18 – 0.6.18
• Debian / apt0.6.19 – 0.6.19
• Debian / apt0.6.20 – 0.6.20
• Debian / apt0.6.21 – 0.6.21
• Debian / apt0.6.22 – 0.6.22
• Debian / apt0.6.23 – 0.6.23
• Debian / apt0.6.24 – 0.6.24
• Debian / apt0.6.25 – 0.6.25
• Debian / apt0.6.27 – 0.6.27
• Debian / apt0.6.27 – 0.6.27
• Debian / apt0.6.27 – 0.6.27
• Debian / apt0.6.27 – 0.6.27
• Debian / apt0.6.27 – 0.6.27
• Debian / apt0.6.28 – 0.6.28
• Debian / apt0.6.29 – 0.6.29
• Debian / apt0.6.30 – 0.6.30
• Debian / apt0.6.31 – 0.6.31
• Debian / apt0.6.32 – 0.6.32
• Debian / apt0.6.33 – 0.6.33
• Debian / apt0.6.34 – 0.6.34
• Debian / apt0.6.35 – 0.6.35
• Debian / apt0.6.36 – 0.6.36
• Debian / apt0.6.36 – 0.6.36
• Debian / apt0.6.37 – 0.6.37
• Debian / apt0.6.38 – 0.6.38
• Debian / apt0.6.39 – 0.6.39
• Debian / apt0.6.40 – 0.6.40
• Debian / apt0.6.40.1 – 0.6.40.1
• Debian / apt0.6.41 – 0.6.41
• Debian / apt0.6.42 – 0.6.42
• Debian / apt0.6.42.1 – 0.6.42.1
• Debian / apt0.6.42.2 – 0.6.42.2
• Debian / apt0.6.42.3 – 0.6.42.3
• Debian / apt0.6.43 – 0.6.43
• Debian / apt0.6.43.1 – 0.6.43.1
• Debian / apt0.6.43.2 – 0.6.43.2
• Debian / apt0.6.43.3 – 0.6.43.3
• Debian / apt0.6.44 – 0.6.44
• Debian / apt0.6.44.1 – 0.6.44.1
• Debian / apt0.6.44.1-0.1 – 0.6.44.1-0.1
• Debian / apt0.6.44.2 – 0.6.44.2
• Debian / apt0.6.44.2 – 0.6.44.2
• Debian / apt0.6.45 – 0.6.45
• Debian / apt0.6.46 – 0.6.46
• Debian / apt0.6.46.1 – 0.6.46.1
• Debian / apt0.6.46.2 – 0.6.46.2
• Debian / apt0.6.46.3 – 0.6.46.3
• Debian / apt0.6.46.3-0.1 – 0.6.46.3-0.1
• Debian / apt0.6.46.3-0.2 – 0.6.46.3-0.2
• Debian / apt0.6.46.4-0.1 – 0.6.46.4-0.1
• Debian / apt0.7.3 – 0.7.3
• Debian / apt0.7.4 – 0.7.4
• Debian / apt0.7.5 – 0.7.5
• Debian / apt0.7.6 – 0.7.6
• Debian / apt0.7.7 – 0.7.7
• Debian / apt0.7.8 – 0.7.8
• Debian / apt0.7.9 – 0.7.9

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/34874
• VENDOR_ADVISORYhttp://www.debian.org/security/2009/dsa-1779
• VENDOR_ADVISORYhttp://secunia.com/advisories/34829
• MISChttp://www.securityfocus.com/bid/34630
• VENDOR_ADVISORYhttp://secunia.com/advisories/34832
• MISChttps://bugs.launchpad.net/ubuntu/+source/apt/+bug/356012
• VENDOR_ADVISORYhttps://usn.ubuntu.com/762-1/
• VENDOR_ADVISORYhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=433091
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/50086