Page 2 of 9 results (0.008 seconds)

CVSS: 6.8EPSS: 2%CPEs: 125EXPL: 0

dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory. dpkg-source de dpkg en versiones anteriores a la 1.14.31 y 1.15.x permite a atacantes remotos asistidos por el usuario modificar archivos de su elección a través de un ataque symlink en ficheros específicos del directorio .pc. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html http://osvdb.org/70367 http://secunia.com/advisories/42826 http://secunia.com/advisories/42831 http://secunia.com/advisories/43054 http://www.debian.org/security/2011/dsa-2142 http://www.securityfocus.com/bid/45703 http://www.ubuntu.com/usn/USN-1038-1 http://www.vupen.com/english/advisories/2011/0040 http://w • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.8EPSS: 2%CPEs: 125EXPL: 0

Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. Vulnerabilidad de salto de directorio en dpkg-source en dpkg anterior a v1.14.31 y v1.15.x, permite a atacantes remotos asistidos por el usuario modificar archivos de su elección a través de secuencias de salto de directorio en un parche para un paquete en formato fuente 3.0. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html http://osvdb.org/70368 http://secunia.com/advisories/42826 http://secunia.com/advisories/42831 http://secunia.com/advisories/43054 http://www.debian.org/security/2011/dsa-2142 http://www.securityfocus.com/bid/45703 http://www.ubuntu.com/usn/USN-1038-1 http://www.vupen.com/english/advisories/2011/0040 http://w • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059. dpkg v1.9.21 no resetea adecuadamente el metadato de un fichero durante el reemplazamiento del fichero en una paquete de actualización, lo que puede permitir a usuarios locales obtener privelgeios crando un enlace fuerte en un fichero vulnerable (1) setuid, (2) fiechero setgid, o (3) device, un tema relacionado con CVE-2010-2059. • http://lists.jammed.com/ISN/2003/12/0056.html http://www.hackinglinuxexposed.com/articles/20031214.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=225692 https://bugzilla.redhat.com/show_bug.cgi?id=598775 https://exchange.xforce.ibmcloud.com/vulnerabilities/59428 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 95EXPL: 0

Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive. Vulnerabilidad de salto de directorio en el componente dpkg-source de dpkg en versiones anteriores a la v1.14.29 permite a usuarios remotos modificar ficheros de su elección a través de archivos fuente Debian modificados. • http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz http://www.debian.org/security/2010/dsa-2011 http://www.vupen.com/english/advisories/2010/0582 https://exchange.xforce.ibmcloud.com/vulnerabilities/56887 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •