Directory Traversal Vulnerabilities in dpkg-source for Debian and Ubuntu
CVE-2014-3865

Currently unrated

Key Information:

Vendor: Debian
Status: Dpkg-dev
Vendor: CVE Published:; 30 May 2014

What is CVE-2014-3865?

Multiple directory traversal vulnerabilities exist in the dpkg-source component of dpkg-dev 1.3.0, enabling remote attackers to manipulate files located outside of designated directories. This is achieved through a specially crafted source package containing an Index: pseudo-header that may lack critical header lines or include a blank pathname within the +++ header. Such exploits can allow unauthorized file modifications, posing serious security risks to affected systems.

References

http://www.ubuntu.com/usn/USN-2242-1

vendor-advisoryx_refsource_UBUNTU

http://www.debian.org/security/2014/dsa-2953

vendor-advisoryx_refsource_DEBIAN

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749183

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2014
Vulnerability Reserved
May 25, 2014