CVE-2014-3865

Published: 30/05/2014 Updated: 29/12/2017
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote malicious users to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.

Vulnerable Product

debian dpkg-dev 1.3.0

Vendor Advisories

A malicious source package could write files outside the unpack directory ...
Debian Bug report logs - #746498: dpkg-source: Directory traversal on unpack through missing --- header line. Package: dpkg-dev; Maintainer for dpkg-dev is Dpkg Developers <debian-dpkg@lists.debian.org>; Source for dpkg-dev is src:dpkg (PTS, buildd, popcon); Reported by: javier--7C8FrOsBhwV6hRgYM4mLHJBYcgPTm9@jaspnet; Date: W ...
Debian Bug report logs - #749183: dpkg-source: Directory traversal on unpack through Index: pseudo-header. Package: dpkg-dev; Maintainer for dpkg-dev is Dpkg Developers <debian-dpkg@lists.debian.org>; Source for dpkg-dev is src:dpkg (PTS, buildd, popcon); Reported by: Guillem Jover <guillem@debian.org>; Date: Sat, 24 May ...
Multiple vulnerabilities were discovered in dpkg that allow file modification through path traversal when unpacking source packages with specially crafted patch files. This update had been scheduled before the end of security support for the oldstable distribution (squeeze), hence an exception has been made and was released through the security arc ...

Exploits

source: www.securityfocus.com/bid/67727/info. dpkg is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow local attackers to modify files outside the destination directory and possibly gain access to the system. dpkg 1.3.0 is vulnerable; oth ...