apt / dpkg
Debian & Ubuntu package management abuse techniques
high
Signature Bypass
APT GPG Signature Verification Bypass
APT uses GPG signatures to verify the authenticity and integrity of repository metadata (Release files) and packages. However, this …
Linux
high
Source Manipulation
Malicious APT Repository Source Injection
APT resolves and installs packages from repository sources configured in /etc/apt/sources.list and /etc/apt/sources.list.d/. An attacker …
Linux
high
Supply Chain
APT Package Name and Version Spoofing
APT uses a version comparison algorithm to determine which package version to install, preferring the highest available version across all …
Linux
critical
Code Execution
APT/DPKG Maintainer Script Execution
Debian packages support maintainer scripts (preinst, postinst, prerm, postrm) that are automatically executed with root privileges during …
Linux
medium
Supply Chain
APT Repository Man-in-the-Middle Attack
Many APT repositories still serve packages over unencrypted HTTP, making them vulnerable to man-in-the-middle (MITM) attacks. An attacker …
Linux