A dangerous flaw has been discovered in the APT package manager for Linux distributions which allows hackers to remotely hack target machines. The issue is being tracked in the CVE-2019-3462 advisory which gives further information about the vulnerability. The affected versions of the APT package manager doesn’t sanitize certain some of the HTTP redirect parameters which allows for man-in-the-middle attacks to take place. This is particularly dangerous as the APT system used by some of the most popular distributions: Debian, Ubuntu, Linux Mint and others.
CVE-2019-3462: The APT Package Manager Is Vulnerable to Man-In-The-Middle Attacks
The APT package manager has been found to contain a dangerous vulnerability allowing criminals to hack the affected systems. As this is one of the most widely used systems for managing software on Linux distributions this affects a very large percentage of all users of the operating system. The problem was announced with the release of the CVE-2019-3462 advisory. The discovery was made by Max Justicz who took notice that the program handles incorrectly certain HTTP parameters when a redirect occurs. When such situations occur attackers can take advantage of this and perform man-in-the-middle attacks. This will led to the possibility of delivering changed packages, likely to contain malicious code.
The APT flaw does not check for any new lines and arbitrary headers can be inserted into the results that are returned to the main process. If a man-in-the-middle attack is orchestrated then APT can be tricked into thinking that there are now new updates.
The researcher notes in his blog post that that by default Ubuntu and Debian use plain HTTP repositories out-of-the-box. He motions that the HTTPS is by-design a more secure default which can safeguard against certain bugs.
Soon after the vulnerability was disclosed the Debian security team patched the issue and a fix has been released to all users. Subsequently all other distributions that use the package manager have placed it in their repositories. All users are urged to update their systems in order to protect themselves from possible hack attempts.