Buffer Overflow in APT Affects Ubuntu and Debian Products
CVE-2014-6273

Currently unrated

Key Information:

Vendor: Debian
Status: Advanced Package Tool
Vendor: CVE Published:; 30 September 2014

Summary

A buffer overflow vulnerability exists in the HTTP transport code of APT, specifically in versions 1.0.1 and earlier, that can make systems susceptible to man-in-the-middle attacks. This flaw allows attackers to craft malicious URLs that may lead to denial of service through system crashes or potentially enable the execution of arbitrary code. Users are advised to upgrade to patched versions to mitigate risks associated with this vulnerability.

References

http://www.ubuntu.com/usn/USN-2353-1

vendor-advisoryx_refsource_UBUNTU

http://www.securityfocus.com/bid/70075

vdb-entryx_refsource_BID

http://secunia.com/advisories/61710

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 30, 2014
Vulnerability Reserved
Sep 9, 2014