CVE-2014-3127
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
dpkg versión 1.15.9 en squeeze de Debian, introduce soporte para la funcionalidad "C-style encoded filenames" sin reconocer que el programa parche de squeeze carece de esta característica, lo que desencadena un error de interacción que permite a los atacantes remotos conducir ataques de salto de directorio y modificar archivos fuera de los directorios previstos por medio de un paquete fuente diseñado. NOTA: esto se puede considerar un problema de ingeniería de versiones en el intento por corregir el CVE-2014-0471.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-04-29 CVE Reserved
- 2014-05-14 CVE Published
- 2024-05-12 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog | X_refsource_confirm | |
http://seclists.org/oss-sec/2014/q2/191 | Mailing List | |
http://seclists.org/oss-sec/2014/q2/227 | Mailing List | |
http://www.securityfocus.com/bid/67181 | Vdb Entry | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.0 Search vendor "Debian" for product "Dpkg" and version "1.16.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.0.1 Search vendor "Debian" for product "Dpkg" and version "1.16.0.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.0.2 Search vendor "Debian" for product "Dpkg" and version "1.16.0.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.0.3 Search vendor "Debian" for product "Dpkg" and version "1.16.0.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.1 Search vendor "Debian" for product "Dpkg" and version "1.16.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.1.1 Search vendor "Debian" for product "Dpkg" and version "1.16.1.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.1.2 Search vendor "Debian" for product "Dpkg" and version "1.16.1.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.2 Search vendor "Debian" for product "Dpkg" and version "1.16.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.3 Search vendor "Debian" for product "Dpkg" and version "1.16.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.4 Search vendor "Debian" for product "Dpkg" and version "1.16.4" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.4.1 Search vendor "Debian" for product "Dpkg" and version "1.16.4.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.4.2 Search vendor "Debian" for product "Dpkg" and version "1.16.4.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.4.3 Search vendor "Debian" for product "Dpkg" and version "1.16.4.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.5 Search vendor "Debian" for product "Dpkg" and version "1.16.5" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.6 Search vendor "Debian" for product "Dpkg" and version "1.16.6" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.7 Search vendor "Debian" for product "Dpkg" and version "1.16.7" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.8 Search vendor "Debian" for product "Dpkg" and version "1.16.8" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.9 Search vendor "Debian" for product "Dpkg" and version "1.16.9" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.10 Search vendor "Debian" for product "Dpkg" and version "1.16.10" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.11 Search vendor "Debian" for product "Dpkg" and version "1.16.11" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.12 Search vendor "Debian" for product "Dpkg" and version "1.16.12" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.0 Search vendor "Debian" for product "Dpkg" and version "1.17.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.1 Search vendor "Debian" for product "Dpkg" and version "1.17.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.2 Search vendor "Debian" for product "Dpkg" and version "1.17.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.3 Search vendor "Debian" for product "Dpkg" and version "1.17.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.4 Search vendor "Debian" for product "Dpkg" and version "1.17.4" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.5 Search vendor "Debian" for product "Dpkg" and version "1.17.5" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.6 Search vendor "Debian" for product "Dpkg" and version "1.17.6" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.7 Search vendor "Debian" for product "Dpkg" and version "1.17.7" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.8 Search vendor "Debian" for product "Dpkg" and version "1.17.8" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.0 Search vendor "Debian" for product "Dpkg" and version "1.15.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.1 Search vendor "Debian" for product "Dpkg" and version "1.15.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.2 Search vendor "Debian" for product "Dpkg" and version "1.15.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.3 Search vendor "Debian" for product "Dpkg" and version "1.15.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.3.1 Search vendor "Debian" for product "Dpkg" and version "1.15.3.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.4 Search vendor "Debian" for product "Dpkg" and version "1.15.4" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.4.1 Search vendor "Debian" for product "Dpkg" and version "1.15.4.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5 Search vendor "Debian" for product "Dpkg" and version "1.15.5" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.1 Search vendor "Debian" for product "Dpkg" and version "1.15.5.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.2 Search vendor "Debian" for product "Dpkg" and version "1.15.5.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.3 Search vendor "Debian" for product "Dpkg" and version "1.15.5.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.4 Search vendor "Debian" for product "Dpkg" and version "1.15.5.4" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.5 Search vendor "Debian" for product "Dpkg" and version "1.15.5.5" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.6 Search vendor "Debian" for product "Dpkg" and version "1.15.5.6" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.6 Search vendor "Debian" for product "Dpkg" and version "1.15.6" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.6.1 Search vendor "Debian" for product "Dpkg" and version "1.15.6.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.7 Search vendor "Debian" for product "Dpkg" and version "1.15.7" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.7.1 Search vendor "Debian" for product "Dpkg" and version "1.15.7.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.7.2 Search vendor "Debian" for product "Dpkg" and version "1.15.7.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8 Search vendor "Debian" for product "Dpkg" and version "1.15.8" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.1 Search vendor "Debian" for product "Dpkg" and version "1.15.8.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.2 Search vendor "Debian" for product "Dpkg" and version "1.15.8.2" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.3 Search vendor "Debian" for product "Dpkg" and version "1.15.8.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.4 Search vendor "Debian" for product "Dpkg" and version "1.15.8.4" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.5 Search vendor "Debian" for product "Dpkg" and version "1.15.8.5" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.6 Search vendor "Debian" for product "Dpkg" and version "1.15.8.6" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.7 Search vendor "Debian" for product "Dpkg" and version "1.15.8.7" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.8 Search vendor "Debian" for product "Dpkg" and version "1.15.8.8" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.9 Search vendor "Debian" for product "Dpkg" and version "1.15.8.9" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.10 Search vendor "Debian" for product "Dpkg" and version "1.15.8.10" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.11 Search vendor "Debian" for product "Dpkg" and version "1.15.8.11" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.12 Search vendor "Debian" for product "Dpkg" and version "1.15.8.12" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.13 Search vendor "Debian" for product "Dpkg" and version "1.15.8.13" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.9 Search vendor "Debian" for product "Dpkg" and version "1.15.9" | - |
Affected
|