[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

255116

 
 

909

 
 

198683

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-7206Date: (C)2014-10-15   (M)2023-12-22


The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.6
Exploit Score: 3.9
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-61158
SECUNIA-61333
SECUNIA-61768
BID-70310
DSA-3048
USN-2370-1
apt-cve20147206-symlink(96951)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780

CPE    1
cpe:/a:debian:advanced_package_tool:1.0.8
CWE    1
CWE-59
OVAL    3
oval:org.secpod.oval:def:52319
oval:org.secpod.oval:def:702246
oval:org.secpod.oval:def:601792

© SecPod Technologies