CVE-2014-3227

dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://openwall.com/lists/oss-security/2014/04/29/4
http://openwall.com/lists/oss-security/2014/05/29/16
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:debian:dpkg:1.16.0.1:::::::*
	cpe:2.3:a:debian:dpkg:1.16.0.2:::::::*
	cpe:2.3:a:debian:dpkg:1.16.0.3:::::::*
	cpe:2.3:a:debian:dpkg:1.16.1:::::::*
	cpe:2.3:a:debian:dpkg:1.16.7:::::::*
	cpe:2.3:a:debian:dpkg:1.16.8:::::::*
	cpe:2.3:a:debian:dpkg:1.16.9:::::::*
	cpe:2.3:a:debian:dpkg:1.17.0:::::::*
	cpe:2.3:a:debian:dpkg:1.16.12:::::::*
	cpe:2.3:a:debian:dpkg:1.16.2:::::::*
	cpe:2.3:a:debian:dpkg:1.16.3:::::::*
	cpe:2.3:a:debian:dpkg:1.16.0:::::::*
	cpe:2.3:a:debian:dpkg:1.17.3:::::::*
	cpe:2.3:a:debian:dpkg:1.17.6:::::::*
	cpe:2.3:a:debian:dpkg:1.17.7:::::::*
	cpe:2.3:a:debian:dpkg:1.16.4.2:::::::*
	cpe:2.3:a:debian:dpkg:1.16.4:::::::*
	cpe:2.3:a:debian:dpkg:1.16.1.1:::::::*
	cpe:2.3:a:debian:dpkg:1.16.5:::::::*
	cpe:2.3:a:debian:dpkg:1.17.1:::::::*
	cpe:2.3:a:debian:dpkg:1.16.11:::::::*
	cpe:2.3:a:debian:dpkg:1.17.8:::::::*
	cpe:2.3:a:debian:dpkg:1.16.6:::::::*
	cpe:2.3:a:debian:dpkg:1.17.4:::::::*
	cpe:2.3:a:debian:dpkg:1.16.4.1:::::::*
	cpe:2.3:a:debian:dpkg:1.16.1.2:::::::*
	cpe:2.3:a:debian:dpkg:1.15.9:::::::*
	cpe:2.3:a:debian:dpkg:1.16.10:::::::*
	cpe:2.3:a:debian:dpkg:1.17.5:::::::*
	cpe:2.3:a:debian:dpkg:1.16.4.3:::::::*
	cpe:2.3:a:debian:dpkg:1.17.2:::::::*

Information

Published : 2014-05-30 11:55

Updated : 2014-06-24 08:55

NVD link : CVE-2014-3227

Mitre link : CVE-2014-3227

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Products Affected

debian

dpkg

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://openwall.com/lists/oss-security/2014/04/29/4", "name": "[oss-security] 20140429 CVE request: directory traversal in DSA-2915-1-patched dpkg in Debian squeeze", "tags": [], "refsource": "MLIST"}, {"url": "http://openwall.com/lists/oss-security/2014/05/29/16", "name": "[oss-security] 20140529 Re: CVE request: another path traversal in dpkg-source during unpack", "tags": [], "refsource": "MLIST"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306", "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the \"C-style encoded filenames\" feature, but is supported in environments with noncompliant patch programs, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this vulnerability exists because of reliance on unrealistic constraints on the behavior of an external program."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-3227", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-05-30T18:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.15.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-06-24T15:55Z"}

6.4 /10