Computer Security
[EN] securityvulns.ru no-pyccku


apt protection bypass
updated since 10.03.2012
Published:24.03.2013
Source:
SecurityVulns ID:12244
Type:m-i-t-m
Threat Level:
4/10
Description:Man-in-the middle attack is possible against repository if InRelease files are used.
Affected:APT : apt 0.8
CVE:CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.)
 CVE-2012-0214 (The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.)
Original documentdocumentUBUNTU, [USN-1762-1] APT vulnerability (24.03.2013)
 documentUBUNTU, [USN-1385-1] APT vulnerability (10.03.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod