corrupted /var/lib/apt/lists
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
aptitude (Ubuntu) | New | Undecided | Unassigned |
Bug Description
Binary package hint: aptitude
I was connected to a hotel WiFi system that requires you to register on a web page to get access. My access had expired, and I ran "aptitude update" and aptitude happily sucked in the hotel's page that explains how to register for access, instead of the desired page describing packages. This page ended up in /var/lib/
As a result, you get error messages, but it seems likely this could enable attacks on the system, if the web page were designed to be evil, instead of a WiFi registration page.
Here's a sample error from aptitude search:
E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/
E: The package lists or status file could not be parsed or opened.
I attach one of the corrupted files (...security.
$ lsb_release -rd
Description: Ubuntu 11.04
Release: 11.04
gpk@nglap:
$ apt-cache policy aptitude
E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/
E: The package lists or status file could not be parsed or opened.
gpk@nglap:
The system was up to date as of 7 May 2011.
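The parse failure quoted above can be reproduced and localised without running aptitude. The following is an added example, not code from the bug report or from apt itself: it approximates apt's stanza check over the files in /var/lib/apt/lists (the `*_Packages` file-name pattern and the two constructed samples are assumptions) and additionally flags a file that is plainly an HTML page, so a captive-portal download can be identified and removed before the next `aptitude update`.

```python
# Added example (not from the bug report): re-run the check behind the error
# "Encountered a section with no Package: header" over /var/lib/apt/lists.
import re
from pathlib import Path

FIELD_RE = re.compile(r"^([!-9;-~]+):")  # deb822 "Field:" (no space/colon in name)
HTML_RE = re.compile(r"<\s*(!doctype|html|head|body|meta)\b", re.IGNORECASE)

def check_packages_index(text):
    """Return a list of problems in one Packages index; empty means it parses."""
    problems = []
    if HTML_RE.search(text[:4096]):  # a captive-portal page saved as an index
        problems.append("looks like an HTML page, not a Packages index")
    # Stanzas are blank-line separated; each one must carry a Package: field.
    stanzas = [s for s in re.split(r"\n\s*\n", text.strip("\n")) if s.strip()]
    for idx, stanza in enumerate(stanzas, 1):
        fields = []
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t"):  # continuation of the previous field
                continue
            m = FIELD_RE.match(line)
            if not m:
                problems.append(f"stanza {idx}: not a 'Field: value' line: {line!r}")
                break
            fields.append(m.group(1))
        if "Package" not in fields:
            problems.append(f"stanza {idx}: section with no Package: header")
    return problems

def scan_lists_dir(lists_dir="/var/lib/apt/lists"):
    """Check every *_Packages file under lists_dir; return {path: problems}."""
    bad, root = {}, Path(lists_dir)
    for path in sorted(root.glob("*_Packages")) if root.is_dir() else []:
        problems = check_packages_index(path.read_text(errors="replace"))
        if problems:
            bad[str(path)] = problems
    return bad

# Constructed samples: a minimal valid index and a hotel-style captive-portal page.
GOOD_INDEX = ("Package: aptitude\nVersion: 1.0-example\nArchitecture: amd64\n"
              "Description: example entry\n continuation line\n\n"
              "Package: apt\nVersion: 1.0-example\nArchitecture: amd64\n")
CAPTIVE_PORTAL = ("<!DOCTYPE html>\n<html><head><title>Hotel WiFi</title></head>\n"
                  "<body>Your session has expired, please register.</body></html>\n")

if __name__ == "__main__":
    for name, probs in {"good": check_packages_index(GOOD_INDEX),
                        "portal": check_packages_index(CAPTIVE_PORTAL)}.items():
        print(name, "OK" if not probs else "; ".join(probs))
```

On an affected machine, `scan_lists_dir()` returns the offending file names; deleting those files and re-running the update fetches fresh indexes whose signatures are verified.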
Thank you for using Ubuntu and reporting a bug. Based on the information you have provided, aptitude is correctly erroring out on the 'malformed' files, and should not be executing any code as a result. It is theoretically possible for a malicious server to improper files, but the signatures would not match. It might be possible to replay valid old files to prevent you from updating, but this is rather convoluted, is an old issue and fixed in Ubuntu (bug #247445). Replay attacks against security mirrors are also discussed here: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499897