Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в apt
дополнено с 21 сентября 2014 г.
Опубликовано:25 сентября 2014 г.
Источник:
SecurityVulns ID:13975
Тип:m-i-t-m
Уровень опасности:
5/10
Описание:Обход защиты, обход ограничений.
Затронутые продукты:APT : apt 1.0
CVE:CVE-2014-6273 (Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted URL.)
 CVE-2014-0490 (The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.)
 CVE-2014-0489 (APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.)
 CVE-2014-0488 (APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data.)
 CVE-2014-0487 (APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.)
Оригинальный текстdocumentUBUNTU, [USN-2353-1] APT vulnerability (25.09.2014)
 documentUBUNTU, [USN-2348-1] APT vulnerabilities (21.09.2014)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород