Directory Traversal Flaw in Dpkg by Debian and Related Distributions
CVE-2010-1679

Currently unrated

Key Information:

Vendor: Debian
Status: Dpkg
Vendor: CVE Published:; 11 January 2011

Summary

The directory traversal vulnerability in dpkg allows remote attackers, aided by user interaction, to exploit malformed patch submissions for source-format 3.0 packages. By employing path traversal sequences, an attacker can alter potentially sensitive files, leading to unauthorized changes within the system. This vulnerability primarily impacts users that handle packages built using dpkg, creating a significant risk for system integrity and data confidentiality.

References

http://secunia.com/advisories/42831

third-party-advisoryx_refsource_SECUNIA

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://secunia.com/advisories/42826

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 11, 2011
Vulnerability Reserved
Apr 30, 2010