CVE-2014-0490
Debian Security Advisory 3025-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package.
El comando de descarga apt-get en APT anterior a 1.0.9 no valida debidamente las firmas para paquetes, lo que permite a atacantes remotos ejecutar código arbitrario a través de un paquete manipulado.
It was discovered that APT did not re-verify downloaded files when the If-Modified-Since wasn't met. It was discovered that APT did not invalidate repository data when it switched from an unauthenticated to an authenticated state. It was discovered that the APT Acquire::GzipIndexes option caused APT to skip checksum validation. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS, and was not enabled by default. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-19 CVE Reserved
- 2014-09-16 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/61275 | Third Party Advisory | |
| http://secunia.com/advisories/61286 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://ubuntu.com/usn/usn-2348-1 | 2020-01-08 |
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2014/dsa-3025 | 2020-01-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | <= 1.0.8 Search vendor "Debian" for product "Advanced Package Tool" and version " <= 1.0.8" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 1.0.3 Search vendor "Debian" for product "Advanced Package Tool" and version "1.0.3" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 1.0.4 Search vendor "Debian" for product "Advanced Package Tool" and version "1.0.4" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 1.0.5 Search vendor "Debian" for product "Advanced Package Tool" and version "1.0.5" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 1.0.6 Search vendor "Debian" for product "Advanced Package Tool" and version "1.0.6" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|
| Debian Search vendor "Debian" | Advanced Package Tool Search vendor "Debian" for product "Advanced Package Tool" | 1.0.7 Search vendor "Debian" for product "Advanced Package Tool" and version "1.0.7" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | * | - |
Safe
|