CVE-2014-0490
advanced_package_tool < 1.0.8 - Remote Code Execution via Unvalidated Package Signatures
Title source: manualDescription
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61286
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61275
Patch, Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-2348-1
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3025
Scores
EPSS
0.0361
EPSS Percentile
88.1%
Details
CWE
CWE-20
Status
published
Products (6)
debian/advanced_package_tool
1.0.3
debian/advanced_package_tool
1.0.4
debian/advanced_package_tool
1.0.5
debian/advanced_package_tool
1.0.6
debian/advanced_package_tool
1.0.7
debian/advanced_package_tool
< 1.0.8
Published
Nov 03, 2014
Tracked Since
Feb 18, 2026