Symlink Vulnerability in Apt Tool Affecting Debian and Ubuntu
CVE-2014-7206

Currently unrated

Key Information:

Vendor: Debian
Status: Apt; Advanced Package Tool
Vendor: CVE Published:; 15 October 2014

What is CVE-2014-7206?

Apt prior to version 1.0.9.2 contains a vulnerability that allows local users to create a symlink to the changelog file. This can lead to unauthorized file writing, compromising the system's security and integrity. Users are advised to update to a patched version to mitigate the risk associated with this vulnerability.

References

http://secunia.com/advisories/61333

third-party-advisoryx_refsource_SECUNIA

http://www.debian.org/security/2014/dsa-3048

vendor-advisoryx_refsource_DEBIAN

http://secunia.com/advisories/61768

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 15, 2014
Vulnerability Reserved
Sep 27, 2014