Man-in-the-Middle Vulnerability in apt Package Manager by Ubuntu
CVE-2013-1051

Currently unrated

Key Information:

Vendor: Debian
Status: Apt; Advanced Package Tool
Vendor: CVE Published:; 21 March 2013

Summary

The vulnerability in the apt package manager versions 0.8.16, 0.9.7, and potentially others, arises due to inadequate handling of InRelease files. This shortcoming allows attackers to intercept and modify packages before installation. The flaws are associated with the integrity checks and reliance on third-party repositories, which could lead to malicious packages being introduced into the installation process.

References

http://osvdb.org/91428

vdb-entryx_refsource_OSVDB

http://www.ubuntu.com/usn/USN-1762-1

vendor-advisoryx_refsource_UBUNTU

http://secunia.com/advisories/52633

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 21, 2013