Published: 17/01/2008 Updated: 07/11/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges prior to 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian apt-listchanges

Felipe Sateler discovered that apt-listchanges did not use safe paths when importing additional Python libraries A local attacker could exploit this and execute arbitrary commands as the user running apt-listchanges ...

Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to For the old stable distribution (sarge), this problem ...

CWE-94 http://packages.debian.org/changelogs/pool/main/a/apt-listchanges/apt-listchanges_2.82/changelog http://www.debian.org/security/2008/dsa-1465 http://www.securityfocus.com/bid/27331 http://secunia.com/advisories/28513 http://www.ubuntu.com/usn/usn-572-1 http://secunia.com/advisories/28574 http://git.madism.org/?p=apt-listchanges.git%3Ba=commitdiff%3Bh=1bcfbf3dc55413bb83a1782dc9a54515a963fb32 https://usn.ubuntu.com/572-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-0302

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect