Информационная безопасность
[RU] switch to English


Обход защиты в apt
дополнено с 10 марта 2012 г.
Опубликовано:24 марта 2013 г.
Источник:
SecurityVulns ID:12244
Тип:m-i-t-m
Уровень опасности:
4/10
Описание:При использовании репозиторием файлов InRelease возможна атака man-in-the-middle.
Затронутые продукты:APT : apt 0.8
CVE:CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.)
 CVE-2012-0214 (The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.)
Оригинальный текстdocumentUBUNTU, [USN-1762-1] APT vulnerability (24.03.2013)
 documentUBUNTU, [USN-1385-1] APT vulnerability (10.03.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород