Vulnerability CVE-2014-0490


Published: 2014-11-03

Description:
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.

Type: CWE-20 (Improper Input Validation)

Vendor: Debian
Product: APT
Versions: 1.0.8, 1.0.7, 1.0.6, 1.0.5, 1.0.4, 1.0.3

CVSS2 vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://ubuntu.com/usn/usn-2348-1
http://www.debian.org/security/2014/dsa-3025
http://secunia.com/advisories/61286
http://secunia.com/advisories/61275


Copyright 2019, cxsecurity.com
