Arbitrary Code Injection in apt

Do your applications use this vulnerable package? Test your applications

Overview

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.

References

Apache Security Advisory
Debian Security Advisory
Debian Security Announcement
Debian Security Announcement
Debian Security Tracker
Netapp Security Advisory
Security Focus
Ubuntu CVE Tracker
Ubuntu Security Advisory
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

High
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

Arbitrary Code Injection
Affecting apt package, versions <1.0.9.8.5

Overview

References

CVSS Score

Arbitrary Code Injection Affecting apt package, versions <1.0.9.8.5

Overview

References

Arbitrary Code Injection
Affecting apt package, versions <1.0.9.8.5