OS-LINUX -- Snort has detected traffic targeting vulnerabilities in a Linux-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself. (such as?)
OS-LINUX Debian apt remote code execution attempt
This event is generated when an attempt to generate a remote code execution in the apt package software manager of Debian, has been detected
A researcher has found a vulnerability in apt that allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2019-3462Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
||Ease of Access||