Description
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
References
- Patch, Vendor Advisory
- Vendor Advisory
- Patch, Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: Version up to 1.0.8 (inclusive)
All of
One of
cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:advanced_package_tool:1.0.7:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
EPSS
Percentile: 71%
0.00688
Low
7.5 High
CVSS2
Weaknesses
CWE-20
Related vulnerabilities
ubuntu
more than 11 years ago
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
debian
more than 11 years ago
The apt-get download command in APT before 1.0.9 does not properly val ...
github
more than 3 years ago
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.