Rewterz Threat Advisory – Russian language Malspam Campaign spreading Redaman Banking Malware
January 25, 2019Rewterz Threat Alert: RDP Tunneling leading to network security bypass
January 25, 2019Rewterz Threat Advisory – Russian language Malspam Campaign spreading Redaman Banking Malware
January 25, 2019Rewterz Threat Alert: RDP Tunneling leading to network security bypass
January 25, 2019SEVERITY: High
CATEGORY: Vulnerability
ANALYSIS SUMMARY
While using apt-get command, HTTP redirects allow Linux systems to automatically request packages from a mirror server when others are unavailable. When the first server is not able to provide the package, it responds by providing the next suitable server.
The code handling HTTP redirects in the HTTP transport method doesn’t properly sanitize fields transmitted over the wire. This vulnerability could be used by an attacker located as a man-in-the-middle between APT and a mirror to inject malicious content in the HTTP connection.
IMPACT
Content injection in http method.
AFFECTED PRODUCTS
APT Packet Manager 0.8.15
REMEDIATION
Users are advised to update to version 1.4.9.