TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Bataclan terrorist handed life sentence by Paris court

    June 29, 2022

    The Xiaomi Mi 12S Ultra will use a huge 1-inch camera sensor co-developed with Sony

    June 29, 2022

    Crypto hedge fund Three Arrows falls into liquidation

    June 29, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      The Xiaomi Mi 12S Ultra will use a huge 1-inch camera sensor co-developed with Sony

      June 29, 2022

      Electric vehicle companies have a serious quality problem

      June 29, 2022

      Apple promises “white glove experiences” for its most helpful community members

      June 29, 2022

      Amazon’s Paper Girls series messes with the timeline in first trailer

      June 29, 2022

      The NuraTrue Pro are the first wireless earbuds to support aptX Lossless streaming

      June 29, 2022
    • Business
    • Cyber Security

      IC3 issues warning on deepfake use in remote work applications

      June 29, 2022

      Kurt John named Chief Security Officer at Expedia

      June 29, 2022

      Why insider threats pose unique risks to national security

      June 29, 2022

      Does AI materially impact cybersecurity strategies?

      June 29, 2022

      Hybrid work transition reveals low enterprise cybersecurity confidence

      June 28, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»Code Execution Vulnerability Impacts Linux Package Manager
    Cyber Security

    Code Execution Vulnerability Impacts Linux Package Manager

    January 23, 2019Updated:January 23, 2019No Comments2 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    A remote code execution vulnerability was recently discovered in APT, the high level package manager used in many Linux distributions. 

    Tracked as CVE-2019-3462, the software bug could be exploited by hackers able to perform network man-in-the-middle (MitM) attacks to inject content and have it executed on the target machine with root privileges. Malicious package mirrors can also exploit the bug. 

    “The code handling HTTP redirects in the HTTP transport method doesn’t properly sanitize fields transmitted over the wire. This vulnerability could be used by an attacker located as a man-in-the-middle between APT and a mirror to inject malicious content in the HTTP connection,” a Debian Security Advisory detailing the vulnerability reads. 

    The issue, security researcher Max Justicz explains, is that, when the HTTP server responds with a redirect, APT’s worker process returns a 103 Redirect instead of a 201 URI Done, and the HTTP fetcher process URL-decodes the HTTP Location header and blindly appends it to the 103 Redirect response.

    “The parent process will trust the hashes returned in the injected 201 URI Done response, and compare them with the values from the signed package manifest. Since the attacker controls the reported hashes, they can use this vulnerability to convincingly forge any package,” the researcher notes. 

    APT version 1.6.y, which is present in some Ubuntu distributions, doesn’t just blindly append the URI, but the researcher did find an injection vulnerability in the subsequent 600 URI Acquire requests made to the HTTP fetcher process.

    The vulnerability impacts the APT package manager itself, and users are advised to disable redirects in order to prevent exploitation when upgrading to the latest version, which also contains a patch for the vulnerability. 

    Users who cannot upgrade using APT without redirect can manually download the files (using wget/curl) for their architecture using specific URLs included in the Debian Security Advisory. File hashes are also provided, to check if they match those for the downloaded files. 

    “For the stable distribution (stretch), this problem has been fixed in version 1.4.9. We recommend that you upgrade your apt packages,” the Debian Security Advisory reads. 

    Related: Code Execution in Alpine Linux Impacts Containers

    Related: Malicious ESLint Packages Steal Software Registry Login Tokens

    Ionut Arghire is an international correspondent for SecurityWeek.

    Previous Columns by Ionut Arghire:
    Tags:



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

    Related Posts

    IC3 issues warning on deepfake use in remote work applications

    June 29, 2022 Cyber Security

    Kurt John named Chief Security Officer at Expedia

    June 29, 2022 Cyber Security

    Why insider threats pose unique risks to national security

    June 29, 2022 Cyber Security

    Does AI materially impact cybersecurity strategies?

    June 29, 2022 Cyber Security

    Hybrid work transition reveals low enterprise cybersecurity confidence

    June 28, 2022 Cyber Security

    Ransomware in Q1 2022 doubled total 2021 volume

    June 28, 2022 Cyber Security
    Editors Picks

    The Xiaomi Mi 12S Ultra will use a huge 1-inch camera sensor co-developed with Sony

    June 29, 2022

    Crypto hedge fund Three Arrows falls into liquidation

    June 29, 2022

    Electric vehicle companies have a serious quality problem

    June 29, 2022

    Ben & Jerry’s sales to continue in Israel after Unilever sells licence

    June 29, 2022
    Trending Now

    EU states agree deal to push for tougher climate measures

    By techbizweb

    The NuraTrue Pro are the first wireless earbuds to support aptX Lossless streaming

    By techbizweb

    French star Kylian Mbappé backs NFT fantasy football start-up Sorare

    By techbizweb

    https://www.nationalsportsacademy.com

    slot gacor hari ini

    http://www.inadesfo.org/

    http://www.eueomgbissau.org/

    http://www.congo-mai-mai.net/

    http://www.angelesdelafrontera.org/

    http://fifaworldcup2018schedule.com/

    http://tony4gtrmcr.co.uk/

    http://www.standrewsagreement.org/

    http://www.bob-russell.co.uk/

    http://davidmulholland.co.uk/

    http://railwayhotelenniskillen.com/

    http://www.fantasysportstrades.com/

    http://www.rainleaf-flooring.com

    http://mothersagainstguns.org/

    http://ma-coc.org/

    slot online

    http://www.paradoxmag.com/situs-judi-slot-online-gampang-menang-2021/

    http://www.paradoxmag.com/situs-judi-slot-online-terbaru-2021/

    http://slot-terbaru.net/

    Slot Gacor

    Slot Online

    Situs Slot Gacor

    http://www.appdexterity.com/

    https://cars4kids-deutschland.de/

    https://www.stretchingculture.com/

    https://www.b-123-hp.com/slot-gacor/

    https://denzstaffing.nl/

    https://ezbbqcooking.com/slot-gacor/

    https://www.mbahelp24.com/slot-gacor

    https://minhtanstore.com/slot-jackpot-terbesar/

    https://njbpusupplierdiversity.com/slot-gacor-gampang-menang/

    https://www.floridaspecialtycropfoundation.org/slot-gampang-menang/

    https://childrenscornerpreschool.org/slot-gacor-gampang-menang/

    https://cryptoquoter.com/slot-online-terbaik/

    https://alorkantho24.com/slot-gacor/

    https://ellas.xyz/slot-gacor/

    https://it.dougamatome.xyz/slot-online/

    https://www.daltercume.com/slot-gacor/

    https://josi-ana.dougamatome.xyz/slot88/

    https://josi-ana.dougamatome.xyz/slot-gacor/

    https://fastobserver.com/slot-jackpot-terbesar/

    https://www.planetexperts.com/slot-gacor/

    https://bfsolution.group/slot-bet-kecil/

    https://rustleva.co/slot/

    https://bfsolution.group/slot-bet-kecil/

    https://www.hotelcalimareal.com/togel-online/

    https://anime-game.dougamatome.xyz/slot-gacor-gampang-menang/

    https://anime-game.dougamatome.xyz/togel-online/

    https://bourbonbarrelfoods.com/slot/

    http://suneo39.wp.xdomain.jp/slot/

    https://techbizweb.com/slot-gacor/

    https://www.generalcatalyst.com/18-daftar-slot-gacor-terbaik-gampang-menang-jackpot-hari-ini/

    https://www.hotelcalimareal.com/slot-online/

    https://www.blockgates.io/slot-gacor/

    https://l12.com.br/slot-gacor/

    slot paling gacor

    https://www.donalds-hobby.com/slot-online/

    https://thecryptodirt.com/slot-gacor-hari-ini/

    http://iseta.edu.ar/aulavirtual/app/upload/users/1/1205/my_files/sbobet.html

    http://escuelavirtual.mincit.gov.co/app/upload/users/1/194/my_files/slot.html

    https://www.dev.medecinesfax.org/courses/JUDICASINO/document/slot.html

    http://www.e-archivos.org/cursos/courses/JUDICASINO/document/slot-gacor.html

    http://iesma.com.br/ead/main/upload/users/4/447/my_files/slot.html

    https://www.fundacoop.org/chamilo/app/upload/users/1/1185/my_files/slot.html

    https://fata-aatf.org/eskola/main/upload/users/3/31/my_files/slot.html

    https://uancv.edu.pe/ofinvestigacion/app/upload/users/3/328/my_files/slot-terlengkap.html

    https://micost.edu.my/EL/app/upload/users/2/209/my_files/slot-gacor.html

    https://www.academiacoderdojo.ro/elearningdev/app/upload/users/2/2442/my_files/slot-online.html

    http://campus-cidci.ulg.ac.be/courses/JUDICASINO/document/slot-termurah.html

    https://www.escueladerobotica.misiones.gob.ar/aula-ste/courses/LIVECASINO/document/slot-tergacor.html

    http://ccdipeepccqqfar.usac.edu.gt/chamilo/app/upload/users/3/358/my_files/slot-online.html

    https://cunori.edu.gt/campus/app/upload/users/7/7334/my_files/slot-online.html

    http://u-rus.com.ar/aula/app/upload/users/1/1322/my_files/slot.html

    http://icrodarisoveria.edu.it/chamilo/app/upload/users/1/1855/my_files/slot.html

    https://iestpliliagutierrez.edu.pe/clarolgm/courses/CASINO/document/slot.html

    http://pva.cobach.edu.mx/app/upload/users/7/7379/my_files/slot.html

    http://www.imb-pc-online.edu.gt/PL/app/upload/users/3/373/my_files/slot.html

    http://avcs.upeu.edu.pe/main/upload/users/3333/my_files/slot.html

    https://chamilo.fca.uas.edu.mx/app/upload/users/1/11186/my_files/slot-online/

    TechBizWeb
    Facebook Twitter Instagram Pinterest Vimeo YouTube
    • Home
    • Guest Post
    • About Us
    • Privacy Policy
    • Our Authors
    • Terms and Conditions
    • Contact
    © 2022 Tech Biz Web. Developed by Sawah Dev.

    Type above and press Enter to search. Press Esc to cancel.