CVE-2014-3864

2014-05-30 20:55:06 2017-12-29 03:29:22

Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL

Debian Dpkg-dev 1.3.0 (not an official CPE)

Debian - Dpkg-dev

Advisory	Patch	Confirmed	Link
			DSA-2953
			67725
			[oss-security] 20140525 CVE request: another path traver...
			USN-2242-1
			https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746498

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)