Skip to main content

Advanced Package Tool CVE-2013-1051

MEDIUM
Improper Input Validation (CWE-20)
2013-03-21 security@ubuntu.com
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 21, 2013 - 17:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.

AnalysisAI

apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories. Affected products include: Debian Advanced Package Tool, Debian Apt, Canonical Ubuntu Linux.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2016-1252 MEDIUM POC
5.9 Dec 05

The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1

CVE-2019-3462 HIGH
8.1 Jan 28

Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to co

CVE-2014-0478 MEDIUM POC
4.0 Jun 17

APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and in

CVE-2014-0490 HIGH
7.5 Nov 03

The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote

CVE-2014-0489 HIGH
7.5 Nov 03

APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote atta

CVE-2014-0487 HIGH
7.5 Nov 03

APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since he

CVE-2014-6273 MEDIUM
6.8 Sep 30

Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and earlier allows man-in-the-middle attackers to cau

CVE-2014-0488 MEDIUM
6.8 Nov 03

APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which

CVE-2018-0501 MEDIUM
5.9 Aug 21

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mish

CVE-2020-27350 MEDIUM
5.7 Dec 10

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files

CVE-2012-0214 MEDIUM
4.3 Apr 15

The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10

CVE-2014-7206 LOW
3.6 Oct 15

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the c

Share

CVE-2013-1051 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy