CVE-2019-15795

Published: Mar 26, 2020Modified: Nov 21, 2024

4.7

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.6 / Impact: 2.7

Source: NVD

Description

python-apt only checks the MD5 sums of downloaded files in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py in version 1.9.0ubuntu1 and earlier. This allows a man-in-the-middle attack which could potentially be used to install altered packages and has been fixed in versions 1.9.0ubuntu1.2, 1.6.5ubuntu0.1, 1.1.0~beta1ubuntu0.16.04.7, 0.9.3.5ubuntu3+esm2, and 0.8.3ubuntu7.5.

Affected (66)

Products: Ubuntu: Python Apt · Debian: Python Apt

1 product

1 product

Configuration A

12 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ubuntu Python Apt	Version 0.8.0 ubuntu9
Ubuntu Python Apt	Version 0.8.1 ubuntu1
Ubuntu Python Apt	Version 0.8.3 ubuntu1
Ubuntu Python Apt	Version 0.8.3 ubuntu2
Ubuntu Python Apt	Version 0.8.3 ubuntu3
Ubuntu Python Apt	Version 0.8.3 ubuntu4
Ubuntu Python Apt	Version 0.8.3 ubuntu5
Ubuntu Python Apt	Version 0.8.3 ubuntu6
Ubuntu Python Apt	Version 0.8.3 ubuntu7.1
Ubuntu Python Apt	Version 0.8.3 ubuntu7.2
Ubuntu Python Apt	Version 0.8.3 ubuntu7.3
Ubuntu Python Apt	Version 0.8.3 ubuntu7

Running on/with	Platform Versions
Canonical Ubuntu Linux	Version 12.04

Configuration B

19 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ubuntu Python Apt	Version 0.8.9.1
Ubuntu Python Apt	Version 0.8.9.1 ubuntu1
Ubuntu Python Apt	Version 0.9.0
Ubuntu Python Apt	Version 0.9.1
Ubuntu Python Apt	Version 0.9.1 build1
Ubuntu Python Apt	Version 0.9.1 build2
Ubuntu Python Apt	Version 0.9.1 ubuntu1
Ubuntu Python Apt	Version 0.9.3.1
Ubuntu Python Apt	Version 0.9.3.2
Ubuntu Python Apt	Version 0.9.3.2 ubuntu1
Ubuntu Python Apt	Version 0.9.3.2 ubuntu2
Ubuntu Python Apt	Version 0.9.3.3
Ubuntu Python Apt	Version 0.9.3.3 ubuntu1
Ubuntu Python Apt	Version 0.9.3.4
Ubuntu Python Apt	Version 0.9.3.4 build1
Ubuntu Python Apt	Version 0.9.3.5
Ubuntu Python Apt	Version 0.9.3.5 ubuntu1
Ubuntu Python Apt	Version 0.9.3.5 ubuntu2
Ubuntu Python Apt	Version 0.9.3.5 ubuntu3

Running on/with	Platform Versions
Canonical Ubuntu Linux	Version 14.04

Configuration C

10 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ubuntu Python Apt	Version 1.0.1 build1
Ubuntu Python Apt	Version 1.0.1 ubuntu1
Ubuntu Python Apt	Version 1.0.1 ubuntu2
Ubuntu Python Apt	Version 1.1.0 beta1
Ubuntu Python Apt	Version 1.1.0 beta1build1
Ubuntu Python Apt	Version 1.1.0 beta1ubuntu0.16.04.1
Ubuntu Python Apt	Version 1.1.0 beta1ubuntu0.16.04.2
Ubuntu Python Apt	Version 1.1.0 beta1ubuntu0.16.04.3
Ubuntu Python Apt	Version 1.1.0 beta1ubuntu0.16.04.4
Ubuntu Python Apt	Version 1.1.0 beta1ubuntu0.16.04.5

Running on/with	Platform Versions
Canonical Ubuntu Linux	Version 16.04

Configuration D

14 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Debian Python Apt	Version 1.8.4
Ubuntu Python Apt	Version 1.4.0
Ubuntu Python Apt	Version 1.4.0 beta3build2
Ubuntu Python Apt	Version 1.4.0 beta3ubuntu1
Ubuntu Python Apt	Version 1.6.0
Ubuntu Python Apt	Version 1.6.0 rc1
Ubuntu Python Apt	Version 1.6.0 rc2ubuntu1
Ubuntu Python Apt	Version 1.6.0 rc2ubuntu2
Ubuntu Python Apt	Version 1.6.0 rc3
Ubuntu Python Apt	Version 1.6.1
Ubuntu Python Apt	Version 1.6.2
Ubuntu Python Apt	Version 1.6.3
Ubuntu Python Apt	Version 1.6.3 ubuntu1
Ubuntu Python Apt	Version 1.6.4

Running on/with	Platform Versions
Canonical Ubuntu Linux	Version 18.04

Configuration E

3 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ubuntu Python Apt	Version 1.9.0 alpha0~ubuntu1
Ubuntu Python Apt	Version 1.9.0 alpha0~ubuntu2
Ubuntu Python Apt	Version 1.9.0 ubuntu1

Running on/with	Platform Versions
Canonical Ubuntu Linux	Version 19.10

Configuration F

8 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ubuntu Python Apt	Version 1.7.0
Ubuntu Python Apt	Version 1.8.0
Ubuntu Python Apt	Version 1.8.0 alpha0~ubuntu1
Ubuntu Python Apt	Version 1.8.0 alpha0~ubuntu2
Ubuntu Python Apt	Version 1.8.1
Ubuntu Python Apt	Version 1.8.2
Ubuntu Python Apt	Version 1.8.3
Ubuntu Python Apt	Version 1.8.4