CVE-2012-0944 - Formalistic Killing

Description

Aptdaemon 0.43 and earlier in Ubuntu 11.04 11.10 and 12.04 LTS does not authenticate packages when the transaction is not simulated which allows remote attackers to install arbitrary packages via a man-in-the-middle attack.

Reference

http://www.securityfocus.com/bid/52855 http://www.osvdb.org/80887 http://secunia.com/advisories/48688 http://ubuntu.com/usn/usn-1414-1 https://bugs.launchpad.net/ubuntu/%2Bsource/aptdaemon/%2Bbug/959131 https://exchange.xforce.ibmcloud.com/vulnerabilities/74553