Directory Traversal Vulnerability in Dpkg Source for Debian Packages
CVE-2017-8283
9.8 CRITICAL
Summary
The dpkg-source tool in dpkg versions 1.3.0 through 1.18.23 is susceptible to directory traversal attacks because it can use a non-GNU patch program and offers no protection mechanism for blank-indented diff hunks. A remote attacker can exploit this flaw with a crafted Debian source package, potentially compromising the target system's file structure and gaining unauthorized access to sensitive files. Updated protections against this class of vulnerability are critical.
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved