CVE-2019-3462: Linux APT Package Manager Can Be Hacked Remotely Due to Critical Flaw

A dangerous flaw has been discovered in the APT package manager for Linux distributions which allows hackers to remotely hack target machines. The issue is tracked as CVE-2019-3462, and the advisory gives further information about the vulnerability. The affected versions of the APT package manager do not sanitize some of the HTTP redirect parameters, which allows man-in-the-middle attacks to take place. This is particularly dangerous as APT is used by some of the most popular distributions: Debian, Ubuntu, Linux Mint and others.

CVE-2019-3462: The APT Package Manager Is Vulnerable to Man-In-The-Middle Attacks

The APT package manager has been found to contain a dangerous vulnerability allowing criminals to hack the affected systems. As this is one of the most widely used systems for managing software on Linux distributions, it affects a very large percentage of all users of the operating system. The problem was announced with the release of the CVE-2019-3462 advisory. The discovery was made by Max Justicz, who noticed that the program incorrectly handles certain HTTP parameters when a redirect occurs. Attackers can take advantage of such situations to perform man-in-the-middle attacks. This leads to the possibility of delivering changed packages, likely to contain malicious code.

The vulnerable code does not check for newline characters, so arbitrary headers can be inserted into the results that are returned to the main process. If a man-in-the-middle attack is orchestrated then APT can be tricked into thinking that there are now new updates.
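The missing newline check can be modelled in a few lines. This is an added example, not code from APT or from the researcher's post: the message format, the function names and the sample `Location` values are constructed for illustration, and percent-decoding of the redirect target is an assumption of the model.

```python
from urllib.parse import unquote

# Simplified, hypothetical line-oriented format (not APT's real protocol):
# a status line, then "Name: value" header lines, ended by a blank line.

def build_redirect_unsafe(location):
    """Vulnerable pattern: the decoded value is embedded without any check."""
    return "Redirect\nNew-URI: " + unquote(location) + "\n\n"

def build_redirect_safe(location):
    """Hardened pattern: validate AFTER decoding and reject control characters."""
    decoded = unquote(location)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in decoded):
        raise ValueError("control character in redirect target")
    return "Redirect\nNew-URI: " + decoded + "\n\n"

def parse_messages(stream):
    """Parent-side parser: each blank-line-terminated block is one message."""
    messages = []
    for block in stream.split("\n\n"):
        lines = [ln for ln in block.split("\n") if ln]
        if not lines:
            continue
        headers = dict(ln.split(": ", 1) for ln in lines[1:] if ": " in ln)
        messages.append({"status": lines[0], "headers": headers})
    return messages

# Constructed sample values for an HTTP Location header.
BENIGN = "http://mirror.example/pool/pkg.deb"
TAINTED = "http://mirror.example/pool/pkg.deb%0AInjected-Header: attacker-chosen"

def demo():
    """Show what the parent sees with and without the newline check."""
    unsafe = parse_messages(build_redirect_unsafe(TAINTED))
    try:
        build_redirect_safe(TAINTED)
        rejected = False
    except ValueError:
        rejected = True
    return {"unsafe_headers": unsafe[0]["headers"],
            "rejected": rejected,
            "benign": parse_messages(build_redirect_safe(BENIGN))}

if __name__ == "__main__":
    print(demo())
```

With the unsafe builder the parent parses a header the worker never intended to send; the hardened builder refuses the same input because it validates the value after decoding, which is where the newline first appears.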

The researcher notes in his blog post that by default Ubuntu and Debian use plain HTTP repositories out of the box. He suggests that HTTPS is by design a more secure default which can safeguard against certain bugs.

Soon after the vulnerability was disclosed, the Debian security team patched the issue and a fix has been released to all users. Subsequently all other distributions that use the package manager have placed the fix in their repositories. All users are urged to update their systems in order to protect themselves from possible hack attempts.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
