CVE-2014-3127
Severity Score
7.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
dpkg versión 1.15.9 en squeeze de Debian, introduce soporte para la funcionalidad "C-style encoded filenames" sin reconocer que el programa parche de squeeze carece de esta característica, lo que desencadena un error de interacción que permite a los atacantes remotos conducir ataques de salto de directorio y modificar archivos fuera de los directorios previstos por medio de un paquete fuente diseñado. NOTA: esto se puede considerar un problema de ingeniería de versiones en el intento por corregir el CVE-2014-0471.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-04-29 CVE Reserved
- 2014-05-14 CVE Published
- 2024-05-12 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog | X_refsource_confirm | |
| http://seclists.org/oss-sec/2014/q2/191 | Mailing List |
|
| http://seclists.org/oss-sec/2014/q2/227 | Mailing List |
|
| http://www.securityfocus.com/bid/67181 | Vdb Entry | |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.0 Search vendor "Debian" for product "Dpkg" and version "1.16.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.0.1 Search vendor "Debian" for product "Dpkg" and version "1.16.0.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.0.2 Search vendor "Debian" for product "Dpkg" and version "1.16.0.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.0.3 Search vendor "Debian" for product "Dpkg" and version "1.16.0.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.1 Search vendor "Debian" for product "Dpkg" and version "1.16.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.1.1 Search vendor "Debian" for product "Dpkg" and version "1.16.1.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.1.2 Search vendor "Debian" for product "Dpkg" and version "1.16.1.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.2 Search vendor "Debian" for product "Dpkg" and version "1.16.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.3 Search vendor "Debian" for product "Dpkg" and version "1.16.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.4 Search vendor "Debian" for product "Dpkg" and version "1.16.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.4.1 Search vendor "Debian" for product "Dpkg" and version "1.16.4.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.4.2 Search vendor "Debian" for product "Dpkg" and version "1.16.4.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.4.3 Search vendor "Debian" for product "Dpkg" and version "1.16.4.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.5 Search vendor "Debian" for product "Dpkg" and version "1.16.5" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.6 Search vendor "Debian" for product "Dpkg" and version "1.16.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.7 Search vendor "Debian" for product "Dpkg" and version "1.16.7" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.8 Search vendor "Debian" for product "Dpkg" and version "1.16.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.9 Search vendor "Debian" for product "Dpkg" and version "1.16.9" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.10 Search vendor "Debian" for product "Dpkg" and version "1.16.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.11 Search vendor "Debian" for product "Dpkg" and version "1.16.11" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.16.12 Search vendor "Debian" for product "Dpkg" and version "1.16.12" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.0 Search vendor "Debian" for product "Dpkg" and version "1.17.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.1 Search vendor "Debian" for product "Dpkg" and version "1.17.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.2 Search vendor "Debian" for product "Dpkg" and version "1.17.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.3 Search vendor "Debian" for product "Dpkg" and version "1.17.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.4 Search vendor "Debian" for product "Dpkg" and version "1.17.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.5 Search vendor "Debian" for product "Dpkg" and version "1.17.5" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.6 Search vendor "Debian" for product "Dpkg" and version "1.17.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.7 Search vendor "Debian" for product "Dpkg" and version "1.17.7" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.17.8 Search vendor "Debian" for product "Dpkg" and version "1.17.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.0 Search vendor "Debian" for product "Dpkg" and version "1.15.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.1 Search vendor "Debian" for product "Dpkg" and version "1.15.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.2 Search vendor "Debian" for product "Dpkg" and version "1.15.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.3 Search vendor "Debian" for product "Dpkg" and version "1.15.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.3.1 Search vendor "Debian" for product "Dpkg" and version "1.15.3.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.4 Search vendor "Debian" for product "Dpkg" and version "1.15.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.4.1 Search vendor "Debian" for product "Dpkg" and version "1.15.4.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5 Search vendor "Debian" for product "Dpkg" and version "1.15.5" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.1 Search vendor "Debian" for product "Dpkg" and version "1.15.5.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.2 Search vendor "Debian" for product "Dpkg" and version "1.15.5.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.3 Search vendor "Debian" for product "Dpkg" and version "1.15.5.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.4 Search vendor "Debian" for product "Dpkg" and version "1.15.5.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.5 Search vendor "Debian" for product "Dpkg" and version "1.15.5.5" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.5.6 Search vendor "Debian" for product "Dpkg" and version "1.15.5.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.6 Search vendor "Debian" for product "Dpkg" and version "1.15.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.6.1 Search vendor "Debian" for product "Dpkg" and version "1.15.6.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.7 Search vendor "Debian" for product "Dpkg" and version "1.15.7" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.7.1 Search vendor "Debian" for product "Dpkg" and version "1.15.7.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.7.2 Search vendor "Debian" for product "Dpkg" and version "1.15.7.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8 Search vendor "Debian" for product "Dpkg" and version "1.15.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.1 Search vendor "Debian" for product "Dpkg" and version "1.15.8.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.2 Search vendor "Debian" for product "Dpkg" and version "1.15.8.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.3 Search vendor "Debian" for product "Dpkg" and version "1.15.8.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.4 Search vendor "Debian" for product "Dpkg" and version "1.15.8.4" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.5 Search vendor "Debian" for product "Dpkg" and version "1.15.8.5" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.6 Search vendor "Debian" for product "Dpkg" and version "1.15.8.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.7 Search vendor "Debian" for product "Dpkg" and version "1.15.8.7" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.8 Search vendor "Debian" for product "Dpkg" and version "1.15.8.8" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.9 Search vendor "Debian" for product "Dpkg" and version "1.15.8.9" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.10 Search vendor "Debian" for product "Dpkg" and version "1.15.8.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.11 Search vendor "Debian" for product "Dpkg" and version "1.15.8.11" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.12 Search vendor "Debian" for product "Dpkg" and version "1.15.8.12" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.8.13 Search vendor "Debian" for product "Dpkg" and version "1.15.8.13" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Dpkg Search vendor "Debian" for product "Dpkg" | 1.15.9 Search vendor "Debian" for product "Dpkg" and version "1.15.9" | - |
Affected
| ||||||