Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and previous versions can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
debian advanced package tool |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 18.10 |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
netapp element software - |
||
netapp active iq - |
Disable redirects before applying update The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit
The Debian Project has patched a security flaw in its software manager Apt that can be exploited by network snoops to execute commands as root on victims' boxes as they update or install packages. The Linux distro's curators have pushed out an fix to address CVE-2019-3462, a vulnerability uncovered and reported by researcher Max Justicz. The flaw is related to the way Apt and apt-get handle HTTP redirects when downloading packages. Apt fetches packages over plain-old HTTP, rather than a more sec...