CVE-2010-0396

Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz	Patch
http://www.debian.org/security/2010/dsa-2011	Patch
http://www.vupen.com/english/advisories/2010/0582	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56887
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz	Patch
http://www.debian.org/security/2010/dsa-2011	Patch
http://www.vupen.com/english/advisories/2010/0582	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56887

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:debian:dpkg::::::::
	cpe:2.3:a:debian:dpkg:1.9.19:::::::*
	cpe:2.3:a:debian:dpkg:1.9.20:::::::*
	cpe:2.3:a:debian:dpkg:1.9.21:::::::*
	cpe:2.3:a:debian:dpkg:1.10:::::::*
	cpe:2.3:a:debian:dpkg:1.10.1:::::::*
	cpe:2.3:a:debian:dpkg:1.10.2:::::::*
	cpe:2.3:a:debian:dpkg:1.10.3:::::::*
	cpe:2.3:a:debian:dpkg:1.10.4:::::::*
	cpe:2.3:a:debian:dpkg:1.10.5:::::::*
	cpe:2.3:a:debian:dpkg:1.10.6:::::::*
	cpe:2.3:a:debian:dpkg:1.10.7:::::::*
	cpe:2.3:a:debian:dpkg:1.10.8:::::::*
	cpe:2.3:a:debian:dpkg:1.10.9:::::::*
	cpe:2.3:a:debian:dpkg:1.10.10:::::::*
	cpe:2.3:a:debian:dpkg:1.10.11:::::::*
	cpe:2.3:a:debian:dpkg:1.10.12:::::::*
	cpe:2.3:a:debian:dpkg:1.10.13:::::::*
	cpe:2.3:a:debian:dpkg:1.10.14:::::::*
	cpe:2.3:a:debian:dpkg:1.10.15:::::::*
	cpe:2.3:a:debian:dpkg:1.10.16:::::::*
	cpe:2.3:a:debian:dpkg:1.10.17:::::::*
	cpe:2.3:a:debian:dpkg:1.10.18:::::::*
	cpe:2.3:a:debian:dpkg:1.10.18.1:::::::*
	cpe:2.3:a:debian:dpkg:1.10.19:::::::*
	cpe:2.3:a:debian:dpkg:1.10.20:::::::*
	cpe:2.3:a:debian:dpkg:1.10.21:::::::*
	cpe:2.3:a:debian:dpkg:1.10.22:::::::*
	cpe:2.3:a:debian:dpkg:1.10.23:::::::*
	cpe:2.3:a:debian:dpkg:1.10.24:::::::*
	cpe:2.3:a:debian:dpkg:1.10.25:::::::*
	cpe:2.3:a:debian:dpkg:1.10.26:::::::*
	cpe:2.3:a:debian:dpkg:1.10.27:::::::*
	cpe:2.3:a:debian:dpkg:1.10.28:::::::*
	cpe:2.3:a:debian:dpkg:1.13.0:::::::*
	cpe:2.3:a:debian:dpkg:1.13.1:::::::*
	cpe:2.3:a:debian:dpkg:1.13.2:::::::*
	cpe:2.3:a:debian:dpkg:1.13.3:::::::*
	cpe:2.3:a:debian:dpkg:1.13.4:::::::*
	cpe:2.3:a:debian:dpkg:1.13.5:::::::*
	cpe:2.3:a:debian:dpkg:1.13.6:::::::*
	cpe:2.3:a:debian:dpkg:1.13.7:::::::*
	cpe:2.3:a:debian:dpkg:1.13.8:::::::*
	cpe:2.3:a:debian:dpkg:1.13.9:::::::*
	cpe:2.3:a:debian:dpkg:1.13.10:::::::*
	cpe:2.3:a:debian:dpkg:1.13.11:::::::*
	cpe:2.3:a:debian:dpkg:1.13.11.1:::::::*
	cpe:2.3:a:debian:dpkg:1.13.12:::::::*
	cpe:2.3:a:debian:dpkg:1.13.13:::::::*
	cpe:2.3:a:debian:dpkg:1.13.14:::::::*
	cpe:2.3:a:debian:dpkg:1.13.15:::::::*
	cpe:2.3:a:debian:dpkg:1.13.16:::::::*
	cpe:2.3:a:debian:dpkg:1.13.17:::::::*
	cpe:2.3:a:debian:dpkg:1.13.18:::::::*
	cpe:2.3:a:debian:dpkg:1.13.19:::::::*
	cpe:2.3:a:debian:dpkg:1.13.20:::::::*
	cpe:2.3:a:debian:dpkg:1.13.21:::::::*
	cpe:2.3:a:debian:dpkg:1.13.22:::::::*
	cpe:2.3:a:debian:dpkg:1.13.23:::::::*
	cpe:2.3:a:debian:dpkg:1.13.24:::::::*
	cpe:2.3:a:debian:dpkg:1.13.25:::::::*
	cpe:2.3:a:debian:dpkg:1.14.0:::::::*
	cpe:2.3:a:debian:dpkg:1.14.1:::::::*
	cpe:2.3:a:debian:dpkg:1.14.2:::::::*
cpe:2.3:a:debian:dpkg:1.14.3:::::::*
cpe:2.3:a:debian:dpkg:1.14.4:::::::*
cpe:2.3:a:debian:dpkg:1.14.5:::::::*
cpe:2.3:a:debian:dpkg:1.14.6:::::::*
cpe:2.3:a:debian:dpkg:1.14.7:::::::*
cpe:2.3:a:debian:dpkg:1.14.8:::::::*
cpe:2.3:a:debian:dpkg:1.14.9:::::::*
cpe:2.3:a:debian:dpkg:1.14.10:::::::*
cpe:2.3:a:debian:dpkg:1.14.11:::::::*
cpe:2.3:a:debian:dpkg:1.14.12:::::::*
cpe:2.3:a:debian:dpkg:1.14.13:::::::*
cpe:2.3:a:debian:dpkg:1.14.14:::::::*
cpe:2.3:a:debian:dpkg:1.14.15:::::::*
cpe:2.3:a:debian:dpkg:1.14.16:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.1:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.2:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.3:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.4:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.5:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.6:::::::*
cpe:2.3:a:debian:dpkg:1.14.17:::::::*
cpe:2.3:a:debian:dpkg:1.14.18:::::::*
cpe:2.3:a:debian:dpkg:1.14.19:::::::*
cpe:2.3:a:debian:dpkg:1.14.20:::::::*
cpe:2.3:a:debian:dpkg:1.14.21:::::::*
cpe:2.3:a:debian:dpkg:1.14.22:::::::*
cpe:2.3:a:debian:dpkg:1.14.23:::::::*
cpe:2.3:a:debian:dpkg:1.14.24:::::::*
cpe:2.3:a:debian:dpkg:1.14.25:::::::*
cpe:2.3:a:debian:dpkg:1.14.26:::::::*
cpe:2.3:a:debian:dpkg:1.14.27:::::::*

History

21 Nov 2024, 01:12

Type	Values Removed	Values Added
References	~~() http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz - Patch~~	() http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz - Patch
References	~~() http://www.debian.org/security/2010/dsa-2011 - Patch~~	() http://www.debian.org/security/2010/dsa-2011 - Patch
References	~~() http://www.vupen.com/english/advisories/2010/0582 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2010/0582 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/56887 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/56887 -

Information

Published : 2010-03-15 13:28

Updated : 2024-11-21 01:12

NVD link : CVE-2010-0396

Mitre link : CVE-2010-0396

CVE.ORG link : CVE-2010-0396

JSON object : View

Products Affected

debian

dpkg

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

5.8 /10