CVE-2015-0860

Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2015/dsa-3407	Vendor Advisory
http://www.ubuntu.com/usn/USN-2820-1
https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d
https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324
https://security.gentoo.org/glsa/201612-07

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:15.10:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:debian:dpkg:1.16.0:::::::*
	cpe:2.3:a:debian:dpkg:1.16.0.1:::::::*
	cpe:2.3:a:debian:dpkg:1.16.0.2:::::::*
	cpe:2.3:a:debian:dpkg:1.16.0.3:::::::*
	cpe:2.3:a:debian:dpkg:1.16.1:::::::*
	cpe:2.3:a:debian:dpkg:1.16.1.1:::::::*
	cpe:2.3:a:debian:dpkg:1.16.1.2:::::::*
	cpe:2.3:a:debian:dpkg:1.16.2:::::::*
	cpe:2.3:a:debian:dpkg:1.16.3:::::::*
	cpe:2.3:a:debian:dpkg:1.16.4:::::::*
	cpe:2.3:a:debian:dpkg:1.16.4.1:::::::*
	cpe:2.3:a:debian:dpkg:1.16.4.2:::::::*
	cpe:2.3:a:debian:dpkg:1.16.4.3:::::::*
	cpe:2.3:a:debian:dpkg:1.16.5:::::::*
	cpe:2.3:a:debian:dpkg:1.16.6:::::::*
	cpe:2.3:a:debian:dpkg:1.16.7:::::::*
	cpe:2.3:a:debian:dpkg:1.16.8:::::::*
	cpe:2.3:a:debian:dpkg:1.16.9:::::::*
	cpe:2.3:a:debian:dpkg:1.16.10:::::::*
	cpe:2.3:a:debian:dpkg:1.16.11:::::::*
	cpe:2.3:a:debian:dpkg:1.16.12:::::::*
	cpe:2.3:a:debian:dpkg:1.16.15:::::::*
	cpe:2.3:a:debian:dpkg:1.17.0:::::::*
	cpe:2.3:a:debian:dpkg:1.17.1:::::::*
	cpe:2.3:a:debian:dpkg:1.17.2:::::::*
	cpe:2.3:a:debian:dpkg:1.17.3:::::::*
	cpe:2.3:a:debian:dpkg:1.17.4:::::::*
	cpe:2.3:a:debian:dpkg:1.17.5:::::::*
	cpe:2.3:a:debian:dpkg:1.17.6:::::::*
	cpe:2.3:a:debian:dpkg:1.17.7:::::::*
	cpe:2.3:a:debian:dpkg:1.17.8:::::::*
	cpe:2.3:a:debian:dpkg:1.17.9:::::::*
	cpe:2.3:a:debian:dpkg:1.17.10:::::::*
	cpe:2.3:a:debian:dpkg:1.17.11:::::::*
	cpe:2.3:a:debian:dpkg:1.17.12:::::::*
	cpe:2.3:a:debian:dpkg:1.17.13:::::::*
	cpe:2.3:a:debian:dpkg:1.17.14:::::::*
	cpe:2.3:a:debian:dpkg:1.17.15:::::::*
	cpe:2.3:a:debian:dpkg:1.17.16:::::::*
	cpe:2.3:a:debian:dpkg:1.17.17:::::::*
	cpe:2.3:a:debian:dpkg:1.17.18:::::::*
	cpe:2.3:a:debian:dpkg:1.17.19:::::::*
	cpe:2.3:a:debian:dpkg:1.17.20:::::::*
	cpe:2.3:a:debian:dpkg:1.17.21:::::::*
	cpe:2.3:a:debian:dpkg:1.17.22:::::::*
	cpe:2.3:a:debian:dpkg:1.17.23:::::::*
	cpe:2.3:a:debian:dpkg:1.17.24:::::::*
	cpe:2.3:a:debian:dpkg:1.17.25:::::::*

History

No history.

Information

Published : 2015-12-03 20:59

Updated : 2017-07-01 01:29

NVD link : CVE-2015-0860

Mitre link : CVE-2015-0860

CVE.ORG link : CVE-2015-0860

JSON object : View

Products Affected

canonical

ubuntu_linux

debian

dpkg

CWE

CWE-189

Numeric Errors

7.5 /10