CVE-2014-0471
published 2014-04-30CVE-2014-0471: Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers…
PriorityP432medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
2.86%
85.0th percentile
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
Affected
191 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | dpkg | < dpkg 1.17.8 (bookworm) | dpkg 1.17.8 (bookworm) |
| debian | dpkg | < dpkg 1.17.9 (bookworm) | dpkg 1.17.9 (bookworm) |
| debian | dpkg | <= 1.15.8.8 | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
| debian | dpkg | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM
vendor_debian5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
dpkg vulnerability
vendor_ubuntu·2014-05-01
CVE-2014-0471 dpkg vulnerability
Title: dpkg vulnerability
Summary: A malicious source package could write files outside the unpack directory.
USN-2183-1 fixed a vulnerability in dpkg. Javier Serrano Polo discovered
that the fix introduced a vulnerability in releases with an older version
of the patch utility. This update fixes the problem.
Original advisory details:
Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when
unpacking source packages. If a user or an automated system were tricked
into unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
dpkg vulnerability
vendor_ubuntu·2014-04-28
CVE-2014-0471 dpkg vulnerability
Title: dpkg vulnerability
Summary: A malicious source package could write files outside the unpack directory.
Jakub Wilk discovered that dpkg incorrectly certain paths and symlinks when
unpacking source packages. If a user or an automated system were tricked
into unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2014-0471: dpkg - Directory traversal vulnerability in the unpacking functionality in dpkg before ...
vendor_debian·2014·CVSS 5.0
CVE-2014-0471 [MEDIUM] CVE-2014-0471: dpkg - Directory traversal vulnerability in the unpacking functionality in dpkg before ...
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
Scope: local
bookworm: resolved (fixed in 1.17.8)
bullseye: resolved (fixed in 1.17.8)
forky: resolved (fixed in 1.17.8)
sid: resolved (fixed in 1.17.8)
trixie: resolved (fixed in 1.17.8)
Debian
CVE-2014-3127: dpkg - dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filena...
vendor_debian·2014·CVSS 5.0
CVE-2014-3127 [MEDIUM] CVE-2014-3127: dpkg - dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filena...
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
Scope: local
bookworm: resolved (fixed in 1.17.9)
bullseye: resolved (fixed in 1.17.9)
forky: resolved (fixed in 1.17.9)
sid: resolved (fixed in 1.17.9)
trixie: resolved (fixed in 1.17.9)
GHSA
GHSA-f267-j9wx-cwjf: dpkg 1
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2014-3127 [MEDIUM] CWE-22 GHSA-f267-j9wx-cwjf: dpkg 1
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
GHSA
GHSA-34xq-j8f4-r5cq: Directory traversal vulnerability in the unpacking functionality in dpkg before 1
ghsa_unreviewed·2022-05-17
CVE-2014-0471 [MEDIUM] CWE-22 GHSA-34xq-j8f4-r5cq: Directory traversal vulnerability in the unpacking functionality in dpkg before 1
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
OSV
CVE-2014-3127: dpkg 1
osv·2014-05-14·CVSS 5.0
CVE-2014-3127 [MEDIUM] CVE-2014-3127: dpkg 1
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
OSV
CVE-2014-0471: Directory traversal vulnerability in the unpacking functionality in dpkg before 1
osv·2014-04-30·CVSS 5.0
CVE-2014-0471 [MEDIUM] CVE-2014-0471: Directory traversal vulnerability in the unpacking functionality in dpkg before 1
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0471 dpkg: path traversal when unpacking a source package
bugzilla·2014-04-29·CVSS 5.0
CVE-2014-0471 [MEDIUM] CVE-2014-0471 dpkg: path traversal when unpacking a source package
CVE-2014-0471 dpkg: path traversal when unpacking a source package
The Debian https://www.debian.org/security/2014/dsa-2915 advisory fixes the following issue:
"Jakub Wilk discovered that dpkg did not correctly parse C-style filename quoting, allowing for paths to be traversed when unpacking a source package - leading to the creation of files outside the directory of the source being unpacked."
This looks like the fix:
http://anonscm.debian.org/gitweb/?p=dpkg/dpkg.git;a=commitdiff;h=a82651188476841d190c58693f95827d61959b51
http://osdir.com/ml/general/2014-04/msg51025.html notes a potential issue with the fix on some systems.
Discussion:
Created dpkg tracking bugs for this issue:
Affects: fedora-all [bug 1092211]
Affects: epel-all [bug 1092212]
---
> http://osdir.com/ml/general/20
Bugzilla
CVE-2014-0471 dpkg: path traversal when unpacking a source package [fedora-all]
bugzilla·2014-04-29·CVSS 5.0
CVE-2014-0471 [MEDIUM] CVE-2014-0471 dpkg: path traversal when unpacking a source package [fedora-all]
CVE-2014-0471 dpkg: path traversal when unpacking a source package [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affects multipl
Bugzilla
CVE-2014-0471 dpkg: path traversal when unpacking a source package [epel-all]
bugzilla·2014-04-29·CVSS 5.0
CVE-2014-0471 [MEDIUM] CVE-2014-0471 dpkg: path traversal when unpacking a source package [epel-all]
CVE-2014-0471 dpkg: path traversal when unpacking a source package [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, use the bodhi submission link noted
in the next comment(s). This will include the bug IDs of this tracking
bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
NOTE: this issue affects mult
2014-04-30
Published