CVE-2012-0944 Information

Description

Aptdaemon 0.43 and earlier in Ubuntu 11.04 11.10 and 12.04 LTS does not authenticate packages when the transaction is not simulated which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

Reference

http://secunia.com/advisories/48688 http://ubuntu.com/usn/usn-1414-1 http://www.osvdb.org/80887 http://www.securityfocus.com/bid/52855 https://bugs.launchpad.net/ubuntu/2Bsource/aptdaemon/2Bbug/959131 https://exchange.xforce.ibmcloud.com/vulnerabilities/74553