Remote Code Execution in APT - Linux
Cyber security blogger "Max Justicz" reported a vulnerability in Linux Advanced Package Tool (APT), where an attacker is able to achieve remote code execution in an APT operation.
*For those non-Linux users, APT is software in Linux where it manages software installations and updates, just like Windows update manager.
The vulnerable versions of APT does not properly sanitize some of the parameters in the event of a HTTP redirect, therefore allowing a remote man-in-the-middle attacker to inject malicious content and the system would install the altered packages.
HTTP redirect is used in APT when fetching packages from the primary server fails, and the location of the next server is being used to fetch the packages. APT runs as "root" in Linux, which is the user with the highest privileges in the system, therefore, a targeted attack using this vulnerability would lead to a complete system takeover by an adversary.
The developers of APT have since released version 1.4.9 that addresses the issue. It is also highly recommended that Debian or Ubuntu users should update their systems as soon as possible.