Heads up: Debian's package manager is APT for root-level malware injection... Fix out now to thwart MITM hijacks

www.theregister.co.uk | 1/22/2019 | Staff

The Debian Project has patched a security flaw in its Apt package manager that can be exploited by miscreants to execute commands as root on victims' boxes as they update or install packages.

The Linux distro's curators have pushed out a fix to address CVE-2019-3462, a vulnerability uncovered and reported by researcher Max Justicz. Because the fix is itself delivered through Apt, Debian's advisory recommends fetching it with HTTP redirects disabled (apt -o Acquire::http::AllowRedirect=false update, followed by the matching upgrade) so the update cannot be hijacked the same way.


The flaw lies in how Apt and apt-get handle HTTP redirects while downloading packages. By default Apt fetches packages over plain old HTTP rather than HTTPS, and relies on cryptographic signatures instead: the release and index files are signed, and the hashes they carry are used to check that each downloaded package is genuine and has not been tampered with.

That design means a man-in-the-middle (MITM) attacker who can intercept a victim's network traffic can inject a redirect into the HTTP response to change the URL the package is fetched from. Worse, the attacker can also control the hash values Apt ends up comparing the download against, feeding the package manager the legitimate values so that the malicious file masquerades as sanctioned software. The net result is that users can be fed malware that runs as root during installation, giving it full control of the machine.
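As an added illustration (not code from the article, from Debian, or from the researcher), the script below models the trust-boundary failure described above in a simplified package fetcher split into a transport worker and a parent process that talk over a blank-line-separated text protocol. The message shapes (103 Redirect, 201 URI Done, SHA256-Hash) are an assumption loosely modeled on apt's method protocol; the mirror URLs and package bytes are constructed; and the newline injection is a constructed example of how an unsanitized redirect target could let an attacker supply the hash report. The article does not describe the actual mechanism of CVE-2019-3462, and this is not a reproduction of it. The hardened worker rejects control characters in redirect targets, and the hardened parent recomputes the hash over the bytes it actually received rather than trusting the worker's report.

```python
"""Simplified model of a package fetcher split into a transport worker and a
parent process that talk over a blank-line-separated text protocol.
ASSUMPTION: message shapes are loosely modeled on apt's method protocol;
this is illustrative code, not apt's implementation."""
import hashlib

# Constructed sample data: the package the signed index describes, and the
# payload a MITM actually serves after redirecting the fetch.
PKG_URI = "http://deb.example.test/pool/pkg.deb"  # hypothetical mirror URL
GOOD_PKG = b"legit package bytes"
MALWARE = b"malicious package bytes"
# In apt the expected hash comes from the signed Packages index; here it is
# simply precomputed from the constructed good package.
EXPECTED_SHA256 = hashlib.sha256(GOOD_PKG).hexdigest()


def worker_done(uri: str, data: bytes) -> str:
    """Honest worker result: report the hash it computed over what it fetched."""
    digest = hashlib.sha256(data).hexdigest()
    return (f"201 URI Done\nURI: {uri}\nFilename: /tmp/pkg.deb\n"
            f"Size: {len(data)}\nSHA256-Hash: {digest}\n\n")


def worker_redirect_vulnerable(uri: str, location: str) -> str:
    """Vulnerable worker: copies the Location header into the message verbatim."""
    return f"103 Redirect\nURI: {uri}\nNew-URI: {location}\n\n"


def worker_redirect_fixed(uri: str, location: str) -> str:
    """Hardened worker: a redirect target containing newlines or other control
    characters could forge extra messages, so refuse it outright."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in location):
        return f"400 URI Failure\nURI: {uri}\nMessage: Invalid redirect target\n\n"
    return f"103 Redirect\nURI: {uri}\nNew-URI: {location}\n\n"


def mitm_location(legit_hash: str) -> str:
    """Constructed attacker-controlled Location value: ends the 103 message
    early and appends a forged 201 URI Done quoting the legitimate hash."""
    return ("http://deb.example.test/pool/evil.deb\n\n"
            "201 URI Done\n"
            f"URI: {PKG_URI}\n"
            "Filename: /tmp/pkg.deb\n"
            f"SHA256-Hash: {legit_hash}")


def parse_messages(stream: str) -> list:
    """Split worker output into messages: a 'CODE Text' status line followed by
    'Key: value' fields, with messages separated by a blank line."""
    messages = []
    for chunk in stream.split("\n\n"):
        if not chunk.strip():
            continue
        status, *field_lines = chunk.split("\n")
        fields = {}
        for line in field_lines:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        messages.append((status, fields))
    return messages


def parent_accepts(stream: str, delivered: bytes, rehash: bool) -> bool:
    """Parent side: accept the download only if a 201 URI Done reports the
    expected hash. With rehash=True it also hashes the delivered bytes itself
    instead of trusting whatever the worker (or an injected message) reported."""
    for status, fields in parse_messages(stream):
        if not status.startswith("201 "):
            continue
        if fields.get("SHA256-Hash") != EXPECTED_SHA256:
            return False
        if rehash and hashlib.sha256(delivered).hexdigest() != EXPECTED_SHA256:
            return False
        return True
    return False  # no completed download was reported


if __name__ == "__main__":
    evil = mitm_location(EXPECTED_SHA256)
    print("vulnerable worker, trusting parent :",
          parent_accepts(worker_redirect_vulnerable(PKG_URI, evil), MALWARE, rehash=False))
    print("vulnerable worker, rehashing parent:",
          parent_accepts(worker_redirect_vulnerable(PKG_URI, evil), MALWARE, rehash=True))
    print("fixed worker                       :",
          parent_accepts(worker_redirect_fixed(PKG_URI, evil), MALWARE, rehash=False))
```

The vulnerable combination accepts the malicious bytes because the forged message quotes exactly the hash the parent expects; either hardening alone blocks it. Both are generic defenses for a line-oriented trust boundary, and the page does not state which change Debian's patch made.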


"I found a vulnerability in apt that allows...
(Excerpt) Read more at: www.theregister.co.uk