Symlink Vulnerability in dpkg by Debian and Ubuntu
CVE-2011-0402

Currently unrated

Key Information:

Vendor: Debian
Status: Dpkg
Vendor: CVE Published:; 11 January 2011

Summary

The dpkg-source tool in the dpkg package management system, prior to version 1.14.31 and in the 1.15.x series, has a vulnerability that allows attackers to use symlink attacks to modify arbitrary files. By exploiting this flaw, user-assisted remote attackers can manipulate files within the .pc directory, potentially leading to unauthorized access or modifications of the system. Proper safeguards and updated versions should be implemented to mitigate this issue.

References

http://secunia.com/advisories/42831

third-party-advisoryx_refsource_SECUNIA

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

https://exchange.xforce.ibmcloud.com/vulnerabilities/64614

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 11, 2011
Vulnerability Reserved
Jan 10, 2011