CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:P/A:P
EPSS
Percentile
44.3%
Package : apt
Version : 0.8.10.3+squeeze2
CVE ID : CVE-2011-3634 CVE-2014-0478
Debian Bug : 749795
Jakub Wilk discovered that APT, the high level package manager,
did not properly perform authentication checks for source packages
downloaded via "apt-get source". This only affects use cases where
source packages are downloaded via this command; it does not
affect regular Debian package installation and upgrading.
(CVE-2014-0478)
It was discovered that APT incorrectly handled the Verify-Host
configuration option. If a remote attacker were able to perform a
man-in-the-middle attack, this flaw could potentially be used to steal
repository credentials. This only relevant for systems that use APT
sources on https connections (requires the apt-transport-https package
to be installed). (CVE-2011-3634)
Attachment:
signature.asc
Description: This is a digitally signed message part.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | i386 | apt-transport-https | < 0.9.7.9+deb7u2 | apt-transport-https_0.9.7.9+deb7u2_i386.deb |
Debian | 7 | powerpc | libapt-inst1.5 | < 0.9.7.9+deb7u2 | libapt-inst1.5_0.9.7.9+deb7u2_powerpc.deb |
Debian | 7 | mips | libapt-pkg4.12 | < 0.9.7.9+deb7u2 | libapt-pkg4.12_0.9.7.9+deb7u2_mips.deb |
Debian | 7 | mips | apt | < 0.9.7.9+deb7u2 | apt_0.9.7.9+deb7u2_mips.deb |
Debian | 7 | mipsel | libapt-pkg4.12 | < 0.9.7.9+deb7u2 | libapt-pkg4.12_0.9.7.9+deb7u2_mipsel.deb |
Debian | 7 | amd64 | libapt-pkg-dev | < 0.9.7.9+deb7u2 | libapt-pkg-dev_0.9.7.9+deb7u2_amd64.deb |
Debian | 6 | amd64 | apt-utils | < 0.8.10.3+squeeze2 | apt-utils_0.8.10.3+squeeze2_amd64.deb |
Debian | 7 | mipsel | libapt-pkg-dev | < 0.9.7.9+deb7u2 | libapt-pkg-dev_0.9.7.9+deb7u2_mipsel.deb |
Debian | 7 | mips | libapt-pkg-dev | < 0.9.7.9+deb7u2 | libapt-pkg-dev_0.9.7.9+deb7u2_mips.deb |
Debian | 7 | i386 | libapt-pkg-dev | < 0.9.7.9+deb7u2 | libapt-pkg-dev_0.9.7.9+deb7u2_i386.deb |