CVE-2011-0402 - Improper Link Resolution Before File Access ('Link Following')

Severity

68%

Complexity

86%

Confidentiality

106%

dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.

dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 14 years ago

2011-01-11 03:00:00

Last updated 7 years ago

2017-08-17 01:33:00

Affected Software

Debian dpkg 1.10.10

1.10.10

References

FEDORA-2011-0362

FEDORA-2011-0345

70367

42826

Vendor Advisory

42831

Vendor Advisory

43054

DSA-2142

45703

USN-1038-1

ADV-2011-0040

Vendor Advisory

ADV-2011-0044

Vendor Advisory

ADV-2011-0196

dpkg-dpkgsource-symlink(64614)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.