Summary
| Detail | |||
|---|---|---|---|
| Vendor | Debian | First view | 2010-03-15 |
| Product | Dpkg | Last view | 2022-05-26 |
| Version | 1.13.22 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:debian:dpkg | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 9.8 | 2022-05-26 | CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. |
| 9.8 | 2017-04-26 | CVE-2017-8283 | dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD. |
| 4.3 | 2015-04-13 | CVE-2015-0840 | The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). |
| 6.8 | 2015-01-20 | CVE-2014-8625 | Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. |
| 5 | 2014-04-30 | CVE-2014-0471 | Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting." |
| 6.8 | 2011-01-10 | CVE-2011-0402 | dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. |
| 6.8 | 2011-01-10 | CVE-2010-1679 | Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. |
| 5.8 | 2010-03-15 | CVE-2010-0396 | Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 62% (5) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
| 12% (1) | CWE-284 | Access Control (Authorization) Issues |
| 12% (1) | CWE-134 | Uncontrolled Format String |
| 12% (1) | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 70368 | dpkg dpkg-source source-format Package Traversal Arbitrary File Overwrite |
| 70367 | dpkg dpkg-source Temporary File Symlink Arbitrary File Overwrite |
| 62856 | Debian dpkg dpkg-source Unspecified Directory Traversal |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-01-24 | Name : Fedora Update for dpkg FEDORA-2011-0345 File : nvt/gb_fedora_2011_0345_dpkg_fc13.nasl |
| 2011-01-24 | Name : Fedora Update for dpkg FEDORA-2011-0362 File : nvt/gb_fedora_2011_0362_dpkg_fc14.nasl |
| 2011-01-11 | Name : Ubuntu Update for dpkg vulnerability USN-1038-1 File : nvt/gb_ubuntu_USN_1038_1.nasl |
| 2010-03-22 | Name : Fedora Update for dpkg FEDORA-2010-4344 File : nvt/gb_fedora_2010_4344_dpkg_fc11.nasl |
| 2010-03-22 | Name : Fedora Update for dpkg FEDORA-2010-4371 File : nvt/gb_fedora_2010_4371_dpkg_fc12.nasl |
| 2010-03-16 | Name : Debian Security Advisory DSA 2011-1 (dpkg) File : nvt/deb_2011_1.nasl |
| 2010-03-12 | Name : Ubuntu Update for dpkg vulnerability USN-909-1 File : nvt/gb_ubuntu_USN_909_1.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-06-15 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-421.nasl - Type: ACT_GATHER_INFO |
| 2015-05-18 | Name: The remote Debian host is missing a security update. File: debian_DLA-220.nasl - Type: ACT_GATHER_INFO |
| 2015-05-13 | Name: The remote Fedora host is missing a security update. File: fedora_2015-7342.nasl - Type: ACT_GATHER_INFO |
| 2015-05-13 | Name: The remote Fedora host is missing a security update. File: fedora_2015-7296.nasl - Type: ACT_GATHER_INFO |
| 2015-05-11 | Name: The remote Fedora host is missing a security update. File: fedora_2015-6974.nasl - Type: ACT_GATHER_INFO |
| 2015-04-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2566-1.nasl - Type: ACT_GATHER_INFO |
| 2015-04-10 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3217.nasl - Type: ACT_GATHER_INFO |
| 2015-01-19 | Name: The remote Solaris system is missing a security patch for third-party software. File: solaris11_gnu-patch_20141120.nasl - Type: ACT_GATHER_INFO |
| 2014-08-08 | Name: The remote Fedora host is missing a security update. File: fedora_2014-8564.nasl - Type: ACT_GATHER_INFO |
| 2014-05-21 | Name: The remote Fedora host is missing a security update. File: fedora_2014-6277.nasl - Type: ACT_GATHER_INFO |
| 2014-05-02 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2183-2.nasl - Type: ACT_GATHER_INFO |
| 2014-04-29 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-2183-1.nasl - Type: ACT_GATHER_INFO |
| 2014-04-29 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2915.nasl - Type: ACT_GATHER_INFO |
| 2011-01-24 | Name: The remote Fedora host is missing a security update. File: fedora_2011-0362.nasl - Type: ACT_GATHER_INFO |
| 2011-01-24 | Name: The remote Fedora host is missing a security update. File: fedora_2011-0345.nasl - Type: ACT_GATHER_INFO |
| 2011-01-07 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-1038-1.nasl - Type: ACT_GATHER_INFO |
| 2011-01-07 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2142.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-4410.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-4371.nasl - Type: ACT_GATHER_INFO |
| 2010-07-01 | Name: The remote Fedora host is missing a security update. File: fedora_2010-4344.nasl - Type: ACT_GATHER_INFO |
| 2010-03-11 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-2011.nasl - Type: ACT_GATHER_INFO |
| 2010-03-11 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-909-1.nasl - Type: ACT_GATHER_INFO |
