CVE-2014-7206

CWE-596 documents6 sources
Severity
3.6LOW
EPSS
0.0%
top 85.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Advanced Package ToolDebian APT
Timeline
PublishedOct 15
Latest updateMay 13

Description

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

CVSS vector

AV:L/AC:L/C:N/I:P/A:PExploitability: 3.9 | Impact: 4.9

Affected Packages3 packages

Debianapt< 1.0.9.2+3
NVDdebian/apt0.9.7.9, 1.0.9+1

🔴Vulnerability Details

3
GHSA
GHSA-pvf6-chpc-2vfx: The changelog command in Apt before 12022-05-13
OSV
CVE-2014-7206: The changelog command in Apt before 12014-10-15
CVEList
CVE-2014-7206: The changelog command in Apt before 12014-10-15

📋Vendor Advisories

2
Ubuntu
APT vulnerability2014-10-08
Debian
CVE-2014-7206: apt - The changelog command in Apt before 1.0.9.2 allows local users to write to arbit...2014
CVE-2014-7206 (LOW CVSS 3.6) | The changelog command in Apt before | cvebase.io