Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | New dpkg packages fix directory traversal |
| Informations | |||
|---|---|---|---|
| Name | DSA-2142 | First vendor Publication | 2011-01-06 |
| Vendor | Debian | Last vendor Modification | 2011-01-06 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Jakub Wilk discovered that the dpkg-source component of dpkg, the Debian package management system, doesn't correctly handle paths in patches of source packages, which could make it traverse directories. Raphaël Hertzog additionally discovered that symbolic links in the .pc directory are followed, which could make it traverse directories too. Both issues only affect source packages using the "3.0 quilt" format at unpack-time. For the stable distribution (lenny), these problems have been fixed in version 1.14.31. For the testing (squeeze) and unstable distributions (sid), these problems will be fixed soon. We recommend that you upgrade your dpkg packages. |
Original Source
| Url : http://www.debian.org/security/2011/dsa-2142 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| 50 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12905 | |||
| Oval ID: | oval:org.mitre.oval:def:12905 | ||
| Title: | DSA-2142-1 dpkg -- directory traversal | ||
| Description: | Jakub Wilk discovered that the dpkg-source component of dpkg, the Debian package management system, doesn't correctly handle paths in patches of source packages, which could make it traverse directories. Raphaël Hertzog additionally discovered that symbolic links in the .pc directory are followed, which could make it traverse directories too. Both issues only affect source packages using the "3.0 quilt" format at unpack-time. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2142-1 CVE-2010-1679 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | dpkg |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:13480 | |||
| Oval ID: | oval:org.mitre.oval:def:13480 | ||
| Title: | USN-1038-1 -- dpkg vulnerability | ||
| Description: | Jakub Wilk and Raphaël Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-1038-1 CVE-2010-1679 | Version: | 7 |
| Platform(s): | Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | dpkg |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2011-01-24 | Name : Fedora Update for dpkg FEDORA-2011-0345 File : nvt/gb_fedora_2011_0345_dpkg_fc13.nasl |
| 2011-01-24 | Name : Fedora Update for dpkg FEDORA-2011-0362 File : nvt/gb_fedora_2011_0362_dpkg_fc14.nasl |
| 2011-01-11 | Name : Ubuntu Update for dpkg vulnerability USN-1038-1 File : nvt/gb_ubuntu_USN_1038_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 70368 | dpkg dpkg-source source-format Package Traversal Arbitrary File Overwrite dpkg contains a flaw that allows a context-dependent attacker to traverse outside of a restricted path. The issue is due to the dpkg-source component not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via patches for source-format packages. This directory traversal attack would allow the attacker to overwrite arbitrary files. |
| 70367 | dpkg dpkg-source Temporary File Symlink Arbitrary File Overwrite dpkg contains a flaw related to the dpkg-source component incorrectly following symlinks in the ".pc" directory when unpacking version "3.0 quilt" source packages. This may be exploited by a context-dependent attacker using a symlink attack on unspecified files in the .pc directory to modify arbitrary files. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_gnu-patch_20141120.nasl - Type : ACT_GATHER_INFO |
| 2011-01-24 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0345.nasl - Type : ACT_GATHER_INFO |
| 2011-01-24 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0362.nasl - Type : ACT_GATHER_INFO |
| 2011-01-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2142.nasl - Type : ACT_GATHER_INFO |
| 2011-01-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1038-1.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:29:47 |
|
