Snap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion System

www.aquasec.com

Snap Trap: The Hidden Dangers Within Ubuntu's Package Suggestion System

www.aquasec.com

testeronious@lemmy.world to

Security@programming.dev · 1 year ago

Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’s command-not-found package and the snap package repository. While command-not-found serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages. Additionally, our …

You must log in or register to comment.

Chat

Security@programming.dev

security@programming.dev

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !security@programming.dev

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

All instance-wide rules apply.
Keep it totally legal.
Remember the human, be civil.
Be helpful, don’t be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

3 users / day
10 users / week
201 users / month
229 users / 6 months
6 local subscribers
865 subscribers
80 Posts
128 Comments
Modlog

mods:
LinearArray@programming.dev