CVE-2015-0840

Severity
4.3 MEDIUM
EPSS
0.6%
top 29.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 13
Latest update: May 17

Description

The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: debian/dpkg 1.16.15+25
Debian: dpkg < 1.17.25+3

Also affects: Ubuntu Linux 10.04, 12.04, 14.04, 14.10

Patches

🔴Vulnerability Details

3
GHSA
GHSA-mrx8-xmg2-v94q: The dpkg-source command in Debian dpkg before 1 (2022-05-17)
OSV
CVE-2015-0840: The dpkg-source command in Debian dpkg before 1 (2015-04-13)
CVEList
CVE-2015-0840: The dpkg-source command in Debian dpkg before 1 (2015-04-13)

📋Vendor Advisories

2
Ubuntu
dpkg vulnerability (2015-04-09)
Debian
CVE-2015-0840: dpkg - The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 ... (2015)

💬Community

6
Bugzilla
python-debian: GPG keys verification bypass (similar to CVE-2015-0840) [fedora-all] (2015-04-10)
Bugzilla
CVE-2015-0840 dpkg: source package integrity verification bypass [fedora-all] (2015-04-10)
Bugzilla
CVE-2015-0840 dpkg: source package integrity verification bypass [epel-all] (2015-04-10)
Bugzilla
python-debian: GPG keys verification bypass (similar to CVE-2015-0840) [epel-all] (2015-04-10)
Bugzilla
python-debian: GPG keys verification bypass (similar to CVE-2015-0840) (2015-04-10)