CVE-2010-0396
published 2010-03-15
CVE-2010-0396: Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian…
Priority P4 · 32 · medium · 5.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:P
EPSS: 2.01% (78.4th percentile)
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dpkg | < dpkg 1.15.6 (bookworm) | dpkg 1.15.6 (bookworm) |
| debian | dpkg | <= 1.14.28 | — |
| debian | dpkg | — | — |
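CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P |
| osv | — | 5.8 | MEDIUM | — |
| vendor_debian | — | 5.8 | MEDIUM | — |
| vendor_redhat | — | 5.8 | MEDIUM | — |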
Ubuntu
dpkg vulnerability
vendor_ubuntu·2010-03-11
William Grant discovered that dpkg-source did not safely apply diffs
when unpacking source packages. If a user or an automated system were
tricked into unpacking a specially crafted source package, a remote
attacker could modify files outside the target unpack directory, leading
to a denial of service or potentially gaining access to the system.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
dpkg: path traversal issue
vendor_redhat·2010-03-10·CVSS 5.8
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
Debian
CVE-2010-0396: dpkg - Directory traversal vulnerability in the dpkg-source component in dpkg before 1....
vendor_debian·2010·CVSS 5.8
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
Scope: local
bookworm: resolved (fixed in 1.15.6)
bullseye: resolved (fixed in 1.15.6)
forky: resolved (fixed in 1.15.6)
sid: resolved (fixed in 1.15.6)
trixie: resolved (fixed in 1.15.6)
GHSA
GHSA-8p9h-cf62-j26q: Directory traversal vulnerability in the dpkg-source component in dpkg before 1
ghsa_unreviewed·2022-05-02
CVE-2010-0396 [MEDIUM] CWE-22
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
OSV
CVE-2010-0396: Directory traversal vulnerability in the dpkg-source component in dpkg before 1
osv·2010-03-15·CVSS 5.8
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.
No detection rules found.
No public exploits indexed.
http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz
http://www.debian.org/security/2010/dsa-2011
http://www.vupen.com/english/advisories/2010/0582
https://exchange.xforce.ibmcloud.com/vulnerabilities/56887