Executive Summary

Informations
Name CVE-2011-0402 First vendor Publication 2011-01-10
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0402

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-59 Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 237

OpenVAS Exploits

Date Description
2011-01-24 Name : Fedora Update for dpkg FEDORA-2011-0345
File : nvt/gb_fedora_2011_0345_dpkg_fc13.nasl
2011-01-24 Name : Fedora Update for dpkg FEDORA-2011-0362
File : nvt/gb_fedora_2011_0362_dpkg_fc14.nasl
2011-01-11 Name : Ubuntu Update for dpkg vulnerability USN-1038-1
File : nvt/gb_ubuntu_USN_1038_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
70367 dpkg dpkg-source Temporary File Symlink Arbitrary File Overwrite

dpkg contains a flaw related to the dpkg-source component incorrectly following symlinks in the ".pc" directory when unpacking version "3.0 quilt" source packages. This may be exploited by a context-dependent attacker using a symlink attack on unspecified files in the .pc directory to modify arbitrary files.

Nessus® Vulnerability Scanner

Date Description
2011-01-24 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0345.nasl - Type : ACT_GATHER_INFO
2011-01-24 Name : The remote Fedora host is missing a security update.
File : fedora_2011-0362.nasl - Type : ACT_GATHER_INFO
2011-01-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2142.nasl - Type : ACT_GATHER_INFO
2011-01-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1038-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306...
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311...
http://osvdb.org/70367
http://secunia.com/advisories/42826
http://secunia.com/advisories/42831
http://secunia.com/advisories/43054
http://www.debian.org/security/2011/dsa-2142
http://www.securityfocus.com/bid/45703
http://www.ubuntu.com/usn/USN-1038-1
http://www.vupen.com/english/advisories/2011/0040
http://www.vupen.com/english/advisories/2011/0044
http://www.vupen.com/english/advisories/2011/0196
https://exchange.xforce.ibmcloud.com/vulnerabilities/64614
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
Date Informations
2024-11-28 23:06:25
  • Multiple Updates
2024-11-28 12:24:36
  • Multiple Updates
2022-06-08 01:10:15
  • Multiple Updates
2021-05-05 01:08:05
  • Multiple Updates
2021-05-04 12:13:54
  • Multiple Updates
2021-04-22 01:15:04
  • Multiple Updates
2020-05-23 01:43:45
  • Multiple Updates
2020-05-23 00:27:39
  • Multiple Updates
2017-08-17 09:23:14
  • Multiple Updates
2017-05-12 12:03:07
  • Multiple Updates
2016-06-28 18:30:58
  • Multiple Updates
2016-04-26 20:29:51
  • Multiple Updates
2014-02-17 10:59:57
  • Multiple Updates
2013-05-10 22:53:11
  • Multiple Updates