Man-in-the-Middle Vulnerability in APT Package Manager by Debian and Ubuntu
CVE-2014-0478

Currently unrated

Key Information:

Vendor: Debian
Status: Advanced Package Tool
Vendor: CVE Published:; 17 June 2014

Summary

A vulnerability exists in the APT package manager prior to version 1.0.4, where insufficient validation of source packages enables man-in-the-middle attackers to manipulate package downloads. By stripping the Release signature, an attacker can force users to download and install malicious packages, potentially compromising system integrity and security.

References

http://secunia.com/advisories/58843

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/59358

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2014/dsa-2958

vendor-advisoryx_refsource_DEBIAN

Timeline

Vulnerability published
Jun 17, 2014
Vulnerability Reserved
Dec 19, 2013