CVE-2014-7206
published 2014-10-15CVE-2014-7206: The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
low3.6CVSS 3.1
AVLACLAuNCNIPAP
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | advanced_package_tool | <= 1.0.9.1 | — |
| debian | advanced_package_tool | — | — |
| debian | apt | < apt 1.0.9.2 (bookworm) | apt 1.0.9.2 (bookworm) |
| debian | apt | — | — |
| debian | apt | — | — |
| debian | apt | >= 0 < 1.0.9.2 | 1.0.9.2 |
| debian | apt | >= 0 < 1.0.9.2 | 1.0.9.2 |
| debian | apt | >= 0 < 1.0.9.2 | 1.0.9.2 |
| debian | apt | >= 0 < 1.0.9.2 | 1.0.9.2 |
CVSS provenance
nvd3.6LOWAV:L/AC:L/Au:N/C:N/I:P/A:P
osv3.6LOW