Vulnerabilities > CVE-2014-0487 - Security Bypass vulnerability in apt
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-53.NASL description It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487) and does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82200 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82200 title Debian DLA-53-1 : apt security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-53-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(82200); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-0487", "CVE-2014-0488", "CVE-2014-0489"); script_bugtraq_id(69835, 69836, 69838, 74111); script_name(english:"Debian DLA-53-1 : apt security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488), performs incorrect verification of 304 replies (CVE-2014-0487) and does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489). NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2014/09/msg00010.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/apt" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apt-transport-https"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:apt-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapt-pkg-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libapt-pkg-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"apt", reference:"0.8.10.3+squeeze3")) flag++; if (deb_check(release:"6.0", prefix:"apt-doc", reference:"0.8.10.3+squeeze3")) flag++; if (deb_check(release:"6.0", prefix:"apt-transport-https", reference:"0.8.10.3+squeeze3")) flag++; if (deb_check(release:"6.0", prefix:"apt-utils", reference:"0.8.10.3+squeeze3")) flag++; if (deb_check(release:"6.0", prefix:"libapt-pkg-dev", reference:"0.8.10.3+squeeze3")) flag++; if (deb_check(release:"6.0", prefix:"libapt-pkg-doc", reference:"0.8.10.3+squeeze3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3025.NASL description It was discovered that APT, the high level package manager, does not properly invalidate unauthenticated data (CVE-2014-0488 ), performs incorrect verification of 304 replies (CVE-2014-0487 ), does not perform the checksum check when the Acquire::GzipIndexes option is used (CVE-2014-0489 ) and does not properly perform validation for binary packages downloaded by the apt-get download command (CVE-2014-0490 ). last seen 2020-03-17 modified 2014-09-17 plugin id 77715 published 2014-09-17 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77715 title Debian DSA-3025-1 : apt - security update NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2348-1.NASL description It was discovered that APT did not re-verify downloaded files when the If-Modified-Since wasn last seen 2020-06-01 modified 2020-06-02 plugin id 77726 published 2014-09-17 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77726 title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS : apt vulnerabilities (USN-2348-1)