CVE-2015-0840

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-0840
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157387.html
http://lists.opensuse.org/opensuse-updates/2015-06/msg00029.html
http://www.debian.org/security/2015/dsa-3217 Vendor Advisory
http://www.ubuntu.com/usn/USN-2566-1 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.17:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.19:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.20:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.21:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.22:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.23:*:*:*:*:*:*:*
cpe:2.3:a:debian:dpkg:1.17.24:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
History

No history.

Information

Published : 2015-04-13 14:59

Updated : 2017-01-03 02:59

NVD link : CVE-2015-0840

Mitre link : CVE-2015-0840

CVE.ORG link : CVE-2015-0840

JSON object : View

Products Affected

canonical

  • ubuntu_linux

debian

  • dpkg
CWE
CWE-284

Improper Access Control