Directory Traversal Vulnerability in DPKG Affects Debian and Ubuntu
CVE-2014-0471

Currently unrated

Key Information:

Vendor: Debian
Status: Dpkg; Ubuntu Linux
Vendor: CVE Published:; 30 April 2014

What is CVE-2014-0471?

A directory traversal vulnerability exists in the unpacking functionality of dpkg before version 1.15.9, and in versions 1.16.x prior to 1.16.13 and 1.17.x before 1.17.8. This flaw enables remote attackers to exploit crafted source packages to write arbitrary files to the filesystem. The vulnerability is associated with improper handling of file paths, particularly in the C-style filename quoting mechanism. Successful exploitation could lead to significant security risks for systems using affected dpkg versions.

References

http://www.debian.org/security/2014/dsa-2915

vendor-advisoryx_refsource_DEBIAN

http://www.securityfocus.com/bid/67106

vdb-entryx_refsource_BID

http://www.ubuntu.com/usn/USN-2183-1

vendor-advisoryx_refsource_UBUNTU

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2014
Vulnerability Reserved
Dec 19, 2013