Authentication Flaw in APT Affects Multiple Versions
CVE-2014-0488

Currently unrated

Key Information:

Vendor: Debian
Status: Advanced Package Tool
Vendor: CVE Published:; 3 November 2014

What is CVE-2014-0488?

An issue in APT versions prior to 1.0.9 allows for an opportunity where repository data is not properly invalidated when transitioning from an unauthenticated to an authenticated state. This flaw can potentially be exploited by remote attackers, leading to unauthorized access and manipulation of repository data. Users of affected versions are advised to upgrade to ensure secure transitions during package updates.

References

http://secunia.com/advisories/61286

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/61275

third-party-advisoryx_refsource_SECUNIA

http://ubuntu.com/usn/usn-2348-1

vendor-advisoryx_refsource_UBUNTU

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 3, 2014
Vulnerability Reserved
Dec 19, 2013

Debian

What is CVE-2014-0488?

References

Timeline