Debian apt CVE-2019-3462 Remote Code Execution Vulnerability
BID:106690
CVE-2019-3462 |Info
Debian apt CVE-2019-3462 Remote Code Execution Vulnerability
| Bugtraq ID: | 106690 |
| Class: | Design Error |
| CVE: |
CVE-2019-3462 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 22 2019 12:00AM |
| Updated: | Jan 22 2019 12:00AM |
| Credit: | Max Justicz |
| Vulnerable: |
Debian apt 1.4.8 Debian apt 1.4.7 Debian apt 1.4.6 Debian apt 1.4.5 Debian apt 1.4.4 Debian apt 1.4.3 |
| Not Vulnerable: |
Debian apt 1.4.9 |
Discussion
Debian apt CVE-2019-3462 Remote Code Execution Vulnerability
Debian apt is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with root privileges. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to Debian apt 1.4.9 are vulnerable.
Debian apt is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code with root privileges. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to Debian apt 1.4.9 are vulnerable.
Exploit / POC
Debian apt CVE-2019-3462 Remote Code Execution Vulnerability
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.
Solution / Fix
Debian apt CVE-2019-3462 Remote Code Execution Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Debian apt CVE-2019-3462 Remote Code Execution Vulnerability
References:
References:
- Apt Homepage (Debian)
- Remote Code Execution in apt/apt-get (Max Justicz)
- SECURITY UPDATE: content injection in http method (CVE-2019-3462) (APT)