A critical vulnerability has been detected in Linux APT that allows hackers to gain remote access to devices.
Details of the new critical vulnerability in Linux APT were published by security researcher Max Justicz, who found that remote code execution was possible through the apt-get tool. A remote attacker can use the tool to compromise the Linux environment. The vulnerability also shows that such attacks can easily be mitigated if the HTTPS protocol is used for secure communication.
The vulnerability (CVE-2019-3462) is located in the APT package manager, a widely used software tool that makes it easy to install, upgrade, and remove software on Debian, Ubuntu, and other Linux distributions.
Redirects in Linux APT
According to a blog post published by Justicz, APT does not correctly verify parameters during HTTP redirects to mirror servers, allowing attackers to carry out so-called man-in-the-middle attacks, insert malicious content, and so get modified packages onto the system.
On Twitter, some cybersecurity experts have discussed whether it is enough to rely only on signature-based package verification, given that APT on Linux does not use HTTPS for updates.
APT HTTP redirects help Linux operating systems automatically find the right server to download software packages from when other servers are unavailable. If the first server fails, it returns a response with the location of the next server from which the client should request the package.
"Unfortunately, the HTTP process decodes the URL header and blindly adds it to the 103 HTTP message – the forwarding response," explains Justicz.
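The pattern described in the quote above, decoding a redirect target and appending it unchecked to a line-oriented message, shown beside a version that validates the decoded value. This is an added example, not code from APT or from Justicz's post; the message layout, field names, and URLs are constructed assumptions.

```python
from urllib.parse import unquote


def build_redirect_vulnerable(uri, location):
    """Flawed pattern: URL-decode the redirect target and append it unchecked."""
    return f"103 Redirect\nURI: {uri}\nNew-URI: {unquote(location)}\n\n"


def build_redirect_hardened(uri, location):
    """Decode, then refuse any value that could change the message framing."""
    decoded = unquote(location)
    # Newlines and other control characters delimit fields in a line-based
    # message, so a decoded value containing one must never be emitted.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
        raise ValueError("control character in redirect target")
    return f"103 Redirect\nURI: {uri}\nNew-URI: {decoded}\n\n"


def parse_fields(message):
    """Receiving side: the first line is the status, every other line a field."""
    lines = [line for line in message.split("\n") if line]
    return dict(line.split(": ", 1) for line in lines[1:] if ": " in line)


# Constructed sample inputs (assumptions, not values from the advisory).
URI = "http://deb.example.org/pool/main/p/pkg.deb"
BENIGN = "http://mirror.example.org/pool/main/p/pkg.deb"
# %0A decodes to a newline, so the text after it becomes its own field line.
SMUGGLED = "http://mirror.example.org/pkg.deb%0AExtra-Field: constructed"


def demo():
    """Return (fields seen from the flawed builder, hardened builder rejected?)."""
    seen = parse_fields(build_redirect_vulnerable(URI, SMUGGLED))
    try:
        build_redirect_hardened(URI, SMUGGLED)
        rejected = False
    except ValueError:
        rejected = True
    return sorted(seen), rejected


if __name__ == "__main__":
    print(demo())
```

The receiving side cannot tell the extra field from one the sender meant to write, which is why the check belongs where the untrusted value is decoded.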
How to protect?
Although Justicz has not tested it, he believes that the vulnerability affects all types of package transfers, whether you are installing a package for the first time or updating an old one.
To protect the integrity of software packages, it is important to use signature-based verification. Software developers have no control over so-called mirror servers, but this does not mean that the benefits of the HTTPS protocol should be ignored because of the complexity of infrastructure upgrades in some specific cases.
What equipment is safe?
No software, platform, or server can be said to be 100% secure, so adopting defense in depth is not a bad idea and should be considered by everyone.
It should also be noted that cybersecurity experts do not expect organizations or developers of open source solutions to deploy HTTPS overnight, but they should not reject security mechanisms either.
Debian and Ubuntu use plain HTTP package sources, which allows Debian to select the desired mirror during installation. Out of the box, APT does not support HTTPS repositories, which means you must first install "apt-transport-https". We recommend using HTTPS package sources by default for safer communication and letting users decide later whether to reduce security.
APT updates are now available!
APT developers have released an updated version, 1.4.9, which fixes the remote code execution vulnerability.
apt-get is part of many large Linux distributions, including Debian and Ubuntu, which have also acknowledged the flaw and issued security updates. As cybersecurity professionals, we recommend that Linux users update their systems as soon as possible for greater security.