File Verification Flaw in APT Package Management Tool by Ubuntu
CVE-2014-0487

Currently unrated

Key Information:

Vendor: Debian
Status: Advanced Package Tool
Vendor: CVE Published:; 3 November 2014

Summary

The APT package management tool prior to version 1.0.9 has a flaw in its file verification process. Specifically, it fails to confirm the integrity of downloaded files when the If-Modified-Since header is used, leaving systems susceptible to potential unauthorized modifications. This could enable attackers to deliver compromised software versions without detection, undermining system security and integrity. It is vital for users and administrators to ensure they upgrade to the patched versions to mitigate the risk of exploitation.

References

http://secunia.com/advisories/61286

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/61275

third-party-advisoryx_refsource_SECUNIA

http://ubuntu.com/usn/usn-2348-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Nov 3, 2014
Vulnerability Reserved
Dec 19, 2013