CVE-2014-0471

Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.debian.org/security/2014/dsa-2915	Vendor Advisory
http://www.securityfocus.com/bid/67106
http://www.ubuntu.com/usn/USN-2183-1	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:debian:dpkg::::::::
	cpe:2.3:a:debian:dpkg:1.9.1:::::::*
	cpe:2.3:a:debian:dpkg:1.9.2:::::::*
	cpe:2.3:a:debian:dpkg:1.9.3:::::::*
	cpe:2.3:a:debian:dpkg:1.9.7:::::::*
	cpe:2.3:a:debian:dpkg:1.9.8:::::::*
	cpe:2.3:a:debian:dpkg:1.9.9:::::::*
	cpe:2.3:a:debian:dpkg:1.9.10:::::::*
	cpe:2.3:a:debian:dpkg:1.9.11:::::::*
	cpe:2.3:a:debian:dpkg:1.9.12:::::::*
	cpe:2.3:a:debian:dpkg:1.9.13:::::::*
	cpe:2.3:a:debian:dpkg:1.9.14:::::::*
	cpe:2.3:a:debian:dpkg:1.9.15:::::::*
	cpe:2.3:a:debian:dpkg:1.9.16:::::::*
	cpe:2.3:a:debian:dpkg:1.9.17:::::::*
	cpe:2.3:a:debian:dpkg:1.9.18:::::::*
	cpe:2.3:a:debian:dpkg:1.9.19:::::::*
	cpe:2.3:a:debian:dpkg:1.9.20:::::::*
	cpe:2.3:a:debian:dpkg:1.9.21:::::::*
	cpe:2.3:a:debian:dpkg:1.10:::::::*
	cpe:2.3:a:debian:dpkg:1.10.1:::::::*
	cpe:2.3:a:debian:dpkg:1.10.2:::::::*
	cpe:2.3:a:debian:dpkg:1.10.3:::::::*
	cpe:2.3:a:debian:dpkg:1.10.4:::::::*
	cpe:2.3:a:debian:dpkg:1.10.5:::::::*
	cpe:2.3:a:debian:dpkg:1.10.6:::::::*
	cpe:2.3:a:debian:dpkg:1.10.7:::::::*
	cpe:2.3:a:debian:dpkg:1.10.8:::::::*
	cpe:2.3:a:debian:dpkg:1.10.9:::::::*
	cpe:2.3:a:debian:dpkg:1.10.11:::::::*
	cpe:2.3:a:debian:dpkg:1.10.12:::::::*
	cpe:2.3:a:debian:dpkg:1.10.13:::::::*
	cpe:2.3:a:debian:dpkg:1.10.14:::::::*
	cpe:2.3:a:debian:dpkg:1.10.15:::::::*
	cpe:2.3:a:debian:dpkg:1.10.16:::::::*
	cpe:2.3:a:debian:dpkg:1.10.17:::::::*
	cpe:2.3:a:debian:dpkg:1.10.18:::::::*
	cpe:2.3:a:debian:dpkg:1.10.18.1:::::::*
	cpe:2.3:a:debian:dpkg:1.10.19:::::::*
	cpe:2.3:a:debian:dpkg:1.10.20:::::::*
	cpe:2.3:a:debian:dpkg:1.10.21:::::::*
	cpe:2.3:a:debian:dpkg:1.10.22:::::::*
	cpe:2.3:a:debian:dpkg:1.10.23:::::::*
	cpe:2.3:a:debian:dpkg:1.10.24:::::::*
	cpe:2.3:a:debian:dpkg:1.10.25:::::::*
	cpe:2.3:a:debian:dpkg:1.10.26:::::::*
	cpe:2.3:a:debian:dpkg:1.10.27:::::::*
	cpe:2.3:a:debian:dpkg:1.10.28:::::::*
	cpe:2.3:a:debian:dpkg:1.13.0:::::::*
	cpe:2.3:a:debian:dpkg:1.13.1:::::::*
	cpe:2.3:a:debian:dpkg:1.13.2:::::::*
	cpe:2.3:a:debian:dpkg:1.13.3:::::::*
	cpe:2.3:a:debian:dpkg:1.13.4:::::::*
	cpe:2.3:a:debian:dpkg:1.13.5:::::::*
	cpe:2.3:a:debian:dpkg:1.13.6:::::::*
	cpe:2.3:a:debian:dpkg:1.13.7:::::::*
	cpe:2.3:a:debian:dpkg:1.13.8:::::::*
	cpe:2.3:a:debian:dpkg:1.13.9:::::::*
	cpe:2.3:a:debian:dpkg:1.13.10:::::::*
	cpe:2.3:a:debian:dpkg:1.13.11:::::::*
	cpe:2.3:a:debian:dpkg:1.13.11.1:::::::*
	cpe:2.3:a:debian:dpkg:1.13.12:::::::*
	cpe:2.3:a:debian:dpkg:1.13.13:::::::*
	cpe:2.3:a:debian:dpkg:1.13.14:::::::*
cpe:2.3:a:debian:dpkg:1.13.15:::::::*
cpe:2.3:a:debian:dpkg:1.13.16:::::::*
cpe:2.3:a:debian:dpkg:1.13.17:::::::*
cpe:2.3:a:debian:dpkg:1.13.18:::::::*
cpe:2.3:a:debian:dpkg:1.13.19:::::::*
cpe:2.3:a:debian:dpkg:1.13.20:::::::*
cpe:2.3:a:debian:dpkg:1.13.21:::::::*
cpe:2.3:a:debian:dpkg:1.13.22:::::::*
cpe:2.3:a:debian:dpkg:1.13.23:::::::*
cpe:2.3:a:debian:dpkg:1.13.24:::::::*
cpe:2.3:a:debian:dpkg:1.13.25:::::::*
cpe:2.3:a:debian:dpkg:1.14.0:::::::*
cpe:2.3:a:debian:dpkg:1.14.1:::::::*
cpe:2.3:a:debian:dpkg:1.14.2:::::::*
cpe:2.3:a:debian:dpkg:1.14.3:::::::*
cpe:2.3:a:debian:dpkg:1.14.4:::::::*
cpe:2.3:a:debian:dpkg:1.14.5:::::::*
cpe:2.3:a:debian:dpkg:1.14.6:::::::*
cpe:2.3:a:debian:dpkg:1.14.7:::::::*
cpe:2.3:a:debian:dpkg:1.14.8:::::::*
cpe:2.3:a:debian:dpkg:1.14.9:::::::*
cpe:2.3:a:debian:dpkg:1.14.10:::::::*
cpe:2.3:a:debian:dpkg:1.14.11:::::::*
cpe:2.3:a:debian:dpkg:1.14.12:::::::*
cpe:2.3:a:debian:dpkg:1.14.13:::::::*
cpe:2.3:a:debian:dpkg:1.14.14:::::::*
cpe:2.3:a:debian:dpkg:1.14.15:::::::*
cpe:2.3:a:debian:dpkg:1.14.16:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.1:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.2:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.3:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.4:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.5:::::::*
cpe:2.3:a:debian:dpkg:1.14.16.6:::::::*
cpe:2.3:a:debian:dpkg:1.14.17:::::::*
cpe:2.3:a:debian:dpkg:1.14.18:::::::*
cpe:2.3:a:debian:dpkg:1.14.19:::::::*
cpe:2.3:a:debian:dpkg:1.14.20:::::::*
cpe:2.3:a:debian:dpkg:1.14.21:::::::*
cpe:2.3:a:debian:dpkg:1.14.22:::::::*
cpe:2.3:a:debian:dpkg:1.14.23:::::::*
cpe:2.3:a:debian:dpkg:1.14.24:::::::*
cpe:2.3:a:debian:dpkg:1.14.25:::::::*
cpe:2.3:a:debian:dpkg:1.14.26:::::::*
cpe:2.3:a:debian:dpkg:1.14.27:::::::*
cpe:2.3:a:debian:dpkg:1.14.28:::::::*
cpe:2.3:a:debian:dpkg:1.14.29:::::::*
cpe:2.3:a:debian:dpkg:1.14.30:::::::*
cpe:2.3:a:debian:dpkg:1.15.0:::::::*
cpe:2.3:a:debian:dpkg:1.15.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.3:::::::*
cpe:2.3:a:debian:dpkg:1.15.3.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.4:::::::*
cpe:2.3:a:debian:dpkg:1.15.4.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.5:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.3:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.4:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.5:::::::*
cpe:2.3:a:debian:dpkg:1.15.5.6:::::::*
cpe:2.3:a:debian:dpkg:1.15.6:::::::*
cpe:2.3:a:debian:dpkg:1.15.6.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.7:::::::*
cpe:2.3:a:debian:dpkg:1.15.7.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.7.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.8:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.1:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.2:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.3:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.4:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.5:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.6:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.7:::::::*
cpe:2.3:a:debian:dpkg:1.15.8.9:::::::*
cpe:2.3:a:debian:dpkg:1.16.0:::::::*
cpe:2.3:a:debian:dpkg:1.16.0.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.0.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.0.3:::::::*
cpe:2.3:a:debian:dpkg:1.16.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.1.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.1.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.3:::::::*
cpe:2.3:a:debian:dpkg:1.16.4:::::::*
cpe:2.3:a:debian:dpkg:1.16.4.1:::::::*
cpe:2.3:a:debian:dpkg:1.16.4.2:::::::*
cpe:2.3:a:debian:dpkg:1.16.4.3:::::::*
cpe:2.3:a:debian:dpkg:1.16.5:::::::*
cpe:2.3:a:debian:dpkg:1.16.6:::::::*
cpe:2.3:a:debian:dpkg:1.16.7:::::::*
cpe:2.3:a:debian:dpkg:1.16.8:::::::*
cpe:2.3:a:debian:dpkg:1.16.9:::::::*
cpe:2.3:a:debian:dpkg:1.16.10:::::::*
cpe:2.3:a:debian:dpkg:1.16.11:::::::*
cpe:2.3:a:debian:dpkg:1.16.12:::::::*
cpe:2.3:a:debian:dpkg:1.17.0:::::::*
cpe:2.3:a:debian:dpkg:1.17.1:::::::*
cpe:2.3:a:debian:dpkg:1.17.2:::::::*
cpe:2.3:a:debian:dpkg:1.17.3:::::::*
cpe:2.3:a:debian:dpkg:1.17.4:::::::*
cpe:2.3:a:debian:dpkg:1.17.5:::::::*
cpe:2.3:a:debian:dpkg:1.17.6:::::::*
cpe:2.3:a:debian:dpkg:1.17.7:::::::*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:::::*
cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:13.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

History

No history.

Information

Published : 2014-04-30 14:22

Updated : 2015-10-16 14:53

NVD link : CVE-2014-0471

Mitre link : CVE-2014-0471

CVE.ORG link : CVE-2014-0471

JSON object : View

Products Affected

canonical

ubuntu_linux

debian

dpkg

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

5.0 /10