Directory Traversal Vulnerability in Dpkg-source Affects Dpkg-dev by Debian
CVE-2014-3864

Currently unrated

Key Information:

Vendor: Debian
Status: Dpkg-dev
Vendor: CVE Published:; 30 May 2014

Summary

A directory traversal vulnerability exists in the dpkg-source component of dpkg-dev 1.3.0. This flaw enables remote attackers to manipulate files outside the designated directories by exploiting a specially crafted source package that omits the necessary '---' header line. Such manipulation can compromise system integrity and expose sensitive files to unauthorized access.

References

http://www.ubuntu.com/usn/USN-2242-1

vendor-advisoryx_refsource_UBUNTU

http://www.debian.org/security/2014/dsa-2953

vendor-advisoryx_refsource_DEBIAN

http://openwall.com/lists/oss-security/2014/05/25/2

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
May 30, 2014
Vulnerability Reserved
May 25, 2014