CVE-2019-3462: Linux APT Package Manager Can Be Hacked Remotely Due to Critical Flaw
NEWS

CVE-2019-3462: Linux APT Package Manager Can Be Hacked Remotely Due to Critical Flaw

A dangerous flaw has been discovered in the APT package manager for Linux distributions which allows hackers to remotely hack target machines. The issue is being tracked in the CVE-2019-3462 advisory which gives further information about the vulnerability. The affected versions of the APT package manager doesn’t sanitize certain some of the HTTP redirect parameters which allows for man-in-the-middle attacks to take place. This is particularly dangerous as the APT system used by some of the most popular distributions: Debian, Ubuntu, Linux Mint and others.

CVE-2019-3462: The APT Package Manager Is Vulnerable to Man-In-The-Middle Attacks

The APT package manager has been found to contain a dangerous vulnerability allowing criminals to hack the affected systems. As this is one of the most widely used systems for managing software on Linux distributions this affects a very large percentage of all users of the operating system. The problem was announced with the release of the CVE-2019-3462 advisory. The discovery was made by Max Justicz who took notice that the program handles incorrectly certain HTTP parameters when a redirect occurs. When such situations occur attackers can take advantage of this and perform man-in-the-middle attacks. This will led to the possibility of delivering changed packages, likely to contain malicious code.

Related:
Three vulnerabilities in a component of system have been discovered by researchers at Qualys: CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866.
Three Vulnerabilities in systemd-journald Discovered (CVE-2018-16864)

The APT flaw does not check for any new lines and arbitrary headers can be inserted into the results that are returned to the main process. If a man-in-the-middle attack is orchestrated then APT can be tricked into thinking that there are now new updates.

The researcher notes in his blog post that that by default Ubuntu and Debian use plain HTTP repositories out-of-the-box. He motions that the HTTPS is by-design a more secure default which can safeguard against certain bugs.

Soon after the vulnerability was disclosed the Debian security team patched the issue and a fix has been released to all users. Subsequently all other distributions that use the package manager have placed it in their repositories. All users are urged to update their systems in order to protect themselves from possible hack attempts.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...