CVE-2014-0489
APT - Remote Code Execution via Crafted Package with Acquire::GzipIndexes Option
Title source: manualDescription
APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61286
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61275
Patch, Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-2348-1
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3025
Scores
EPSS
0.0361
EPSS Percentile
88.1%
Details
CWE
CWE-20
Status
published
Products (3)
debian/advanced_package_tool
1.0.3
debian/advanced_package_tool
1.0.5
debian/advanced_package_tool
1.0.7
Published
Nov 03, 2014
Tracked Since
Feb 18, 2026