CVE-2014-0490

advanced_package_tool < 1.0.8 - Remote Code Execution via Unvalidated Package Signatures

Title source: manual
STIX 2.1

Description

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61286
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61275
Patch, Vendor Advisory vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-2348-1
Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3025

Scores

EPSS 0.0361
EPSS Percentile 88.1%

Details

CWE
CWE-20
Status published
Products (6)
debian/advanced_package_tool 1.0.3
debian/advanced_package_tool 1.0.4
debian/advanced_package_tool 1.0.5
debian/advanced_package_tool 1.0.6
debian/advanced_package_tool 1.0.7
debian/advanced_package_tool < 1.0.8
Published Nov 03, 2014
Tracked Since Feb 18, 2026