[Bug 1055614] Re: captive web portal corrupt Indexes
Paul F
boxjunk at hotmail.co.uk
Tue Sep 25 15:12:09 UTC 2012
Still present in 12.04 LTS, Precise running apt 0.8.16
In my case the corrupted package list files in /var/lib/apt/lists are
caused by the router redirecting to an internal help page when it
realises that its internet connection is down. So, when a fetch is
attempted from, say
gb.archive.ubuntu.com/ubuntu/dists/precise-updates/universe/binary-i386/Packages
when checking for updates what
comes back is the html source from the router's help page (example
attached -- line 52 contains the requested url).
It would appear that no sanity check is done on the returned data
leaving subsequent parse attempts to choke. The corrupted files remain
and may propagate (???) causing other update failures.
On a security note, it occurs to me that an attacker in control of the
router could return crafted files in place of apt's package lists to
introduce malware as part of the normal automated update process. I
trust checks are in place to prevent this???
** Attachment added: "Example corrupted package list file from /var/lib/apt/lists"
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1055614/+attachment/3341892/+files/gb.archive.ubuntu.com_ubuntu_dists_precise-updates_universe_binary-i386_Packages.IndexDiff
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1055614
Title:
captive web portal corrupt Indexes
Status in “update-manager” package in Ubuntu:
Confirmed
Bug description:
When the computer is connected to a captive web portal, the update
manager does not check to see that files downloaded are valid indexes.
This results in the web portal's html file being written over some or
all of the files in /var/lib/apt/lists. I have been able to remove
the corrupted files (assuming if they are that easy to overwrite, then
blowing them away will be OK too) with the following command:
    cd /var/lib/apt/lists
    # delete every list file that contains the portal's login page
    for foo in $(grep -rl weblogin.jsp .); do sudo rm -f "$foo"; done
This is not something a new user could be expected to do. I don't
know if the behavior has changed recently, but this is the second time
I have run into this bug in the last month.
This results in complete breakage of the update system and stops all
updating until it is fixed. The user does get a little red error icon
with a relatively opaque error message, which was how I knew to look
in the /var/lib/apt/lists directory.
This prevents all security updates so I have flagged it as a security
vulnerability.
1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu
bryan@bryan-Aspire-V3-771:~/temp$ lsb_release -rd
Description: Ubuntu 12.04.1 LTS
Release: 12.04
2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center
bryan@bryan-Aspire-V3-771:~/temp$ apt-cache policy update-manager
update-manager:
  Installed: 1:0.156.14.9
  Candidate: 1:0.156.14.9
  Version table:
 *** 1:0.156.14.9 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1:0.156.14.5 0
        500 http://security.ubuntu.com/ubuntu/ precise-security/main amd64 Packages
     1:0.156.14 0
        500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
3) What you expected to happen
/var/lib/apt/lists should not get corrupted when the computer is on a captive portal before login.
4) What happened instead
/var/lib/apt/lists does get corrupted in a way that has no (obvious to a normal user) fix.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1055614/+subscriptions
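
Added example (not part of the bug report and not apt's or update-manager's own code): a sketch of the sanity check the comments above ask about, rejecting a downloaded index that is an HTML page or that does not match the size and SHA256 listed for it in the repository's Release file. The function names and sample data are constructed for illustration, and the Release text is assumed to have been authenticated already (signature checking is not shown).

```python
import hashlib
import re

# An apt index is "Field: value" text; a portal or router page starts with markup.
HTML_MARKERS = re.compile(rb"^\s*(<!doctype\s+html|<html|<head|<\?xml)", re.I)

def looks_like_portal_page(data: bytes) -> bool:
    """True if the payload starts like an HTML document rather than an apt index."""
    return bool(HTML_MARKERS.match(data[:512]))

def parse_release_sha256(release_text: str) -> dict:
    """Map index path -> (sha256 hex, size) from the SHA256 section of a Release file."""
    entries, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            entries[path] = (digest, int(size))
        else:
            in_section = False
    return entries

def check_index(release_text: str, path: str, data: bytes) -> str:
    """Return 'ok', or the reason the payload must not replace the list file."""
    if looks_like_portal_page(data):
        return "html-instead-of-index"
    expected = parse_release_sha256(release_text).get(path)
    if expected is None:
        return "not-listed-in-release"
    digest, size = expected
    if len(data) != size:
        return "size-mismatch"
    if hashlib.sha256(data).hexdigest() != digest:
        return "hash-mismatch"
    return "ok"

# Constructed sample data: a tiny Packages file, a router help page, a Release file.
GOOD = b"Package: hello\nVersion: 2.7-2\nArchitecture: i386\n\n"
PORTAL = b"<html><head><title>Router help</title></head><body>Connection down</body></html>\n"
RELEASE = (
    "Origin: Example\nSuite: precise-updates\nSHA256:\n"
    f" {hashlib.sha256(GOOD).hexdigest()} {len(GOOD)} universe/binary-i386/Packages\n"
)

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("portal", PORTAL)):
        print(name, check_index(RELEASE, "universe/binary-i386/Packages", blob))
```

A payload that fails either check should be discarded and the previous list file kept, so that a redirect to a portal page cannot leave /var/lib/apt/lists unparseable.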