OS-LINUX -- Snort has detected traffic targeting vulnerabilities in a Linux-based operating system. This covers attacks against the OS itself, not browser traffic or other software running on the OS.
OS-LINUX Debian apt remote code execution attempt
This event is generated when an attempt to trigger remote code execution in apt, the Debian package manager, is detected.
Impact: High
Details: A researcher has found a vulnerability in apt that allows a network man-in-the-middle (or a malicious package mirror) to execute arbitrary code as root on a machine installing any package.
Ease of Attack: Simple
No public information
No known false positives
Cisco Talos Intelligence Group
Tactic:
Technique:
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
CVE-2019-3462: Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
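An added example, not part of the Snort rule or the Talos documentation: a Python check a defender could run over captured HTTP responses from a package mirror, flagging a 302 whose Location value contains control characters once percent-decoded. The sample responses, the host name and the choice of control characters as the signal are assumptions made for illustration; the rule's own match logic is not shown on this page.

```python
import re
from urllib.parse import unquote

# Assumption: a legitimate redirect target never contains control characters
# (CR, LF, NUL, ...) after percent-decoding.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def redirect_location(raw_response: bytes):
    """Return the Location value of an HTTP 302 response, else None."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[1] != "302":
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            return value.strip()
    return None

def is_suspicious_redirect(raw_response: bytes) -> bool:
    """True when a 302 redirect target decodes to text with control characters."""
    location = redirect_location(raw_response)
    if location is None:
        return False
    return bool(CONTROL_CHARS.search(unquote(location, encoding="latin-1")))

# Constructed sample responses (not captured traffic).
BENIGN = (b"HTTP/1.1 302 Found\r\n"
          b"Location: http://mirror.example/pool/main/p/pkg/pkg_1.0_amd64.deb\r\n"
          b"Content-Length: 0\r\n\r\n")
ENCODED_NEWLINES = (b"HTTP/1.1 302 Found\r\n"
                    b"Location: /pool/pkg_1.0_amd64.deb%0A%0Aplaceholder-injected-text\r\n"
                    b"Content-Length: 0\r\n\r\n")
NOT_A_REDIRECT = b"HTTP/1.1 200 OK\r\nLocation: /ignored%0A\r\n\r\n"

if __name__ == "__main__":
    for name, resp in [("benign", BENIGN), ("encoded", ENCODED_NEWLINES),
                       ("200", NOT_A_REDIRECT)]:
        print(name, is_suspicious_redirect(resp))
```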