FKIE_CVE-2014-3127
Vulnerability from fkie_nvd - Published: 2014-05-14 00:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | dpkg | 1.16.0 | |
| debian | dpkg | 1.16.0.1 | |
| debian | dpkg | 1.16.0.2 | |
| debian | dpkg | 1.16.0.3 | |
| debian | dpkg | 1.16.1 | |
| debian | dpkg | 1.16.1.1 | |
| debian | dpkg | 1.16.1.2 | |
| debian | dpkg | 1.16.2 | |
| debian | dpkg | 1.16.3 | |
| debian | dpkg | 1.16.4 | |
| debian | dpkg | 1.16.4.1 | |
| debian | dpkg | 1.16.4.2 | |
| debian | dpkg | 1.16.4.3 | |
| debian | dpkg | 1.16.5 | |
| debian | dpkg | 1.16.6 | |
| debian | dpkg | 1.16.7 | |
| debian | dpkg | 1.16.8 | |
| debian | dpkg | 1.16.9 | |
| debian | dpkg | 1.16.10 | |
| debian | dpkg | 1.16.11 | |
| debian | dpkg | 1.16.12 | |
| debian | dpkg | 1.17.0 | |
| debian | dpkg | 1.17.1 | |
| debian | dpkg | 1.17.2 | |
| debian | dpkg | 1.17.3 | |
| debian | dpkg | 1.17.4 | |
| debian | dpkg | 1.17.5 | |
| debian | dpkg | 1.17.6 | |
| debian | dpkg | 1.17.7 | |
| debian | dpkg | 1.17.8 | |
| debian | dpkg | 1.15.0 | |
| debian | dpkg | 1.15.1 | |
| debian | dpkg | 1.15.2 | |
| debian | dpkg | 1.15.3 | |
| debian | dpkg | 1.15.3.1 | |
| debian | dpkg | 1.15.4 | |
| debian | dpkg | 1.15.4.1 | |
| debian | dpkg | 1.15.5 | |
| debian | dpkg | 1.15.5.1 | |
| debian | dpkg | 1.15.5.2 | |
| debian | dpkg | 1.15.5.3 | |
| debian | dpkg | 1.15.5.4 | |
| debian | dpkg | 1.15.5.5 | |
| debian | dpkg | 1.15.5.6 | |
| debian | dpkg | 1.15.6 | |
| debian | dpkg | 1.15.6.1 | |
| debian | dpkg | 1.15.7 | |
| debian | dpkg | 1.15.7.1 | |
| debian | dpkg | 1.15.7.2 | |
| debian | dpkg | 1.15.8 | |
| debian | dpkg | 1.15.8.1 | |
| debian | dpkg | 1.15.8.2 | |
| debian | dpkg | 1.15.8.3 | |
| debian | dpkg | 1.15.8.4 | |
| debian | dpkg | 1.15.8.5 | |
| debian | dpkg | 1.15.8.6 | |
| debian | dpkg | 1.15.8.7 | |
| debian | dpkg | 1.15.8.8 | |
| debian | dpkg | 1.15.8.9 | |
| debian | dpkg | 1.15.8.10 | |
| debian | dpkg | 1.15.8.11 | |
| debian | dpkg | 1.15.8.12 | |
| debian | dpkg | 1.15.8.13 | |
| debian | dpkg | 1.15.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60B76474-A71E-4BEA-880B-88A8F0E9E79D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5918D066-8950-44D5-9F14-72C499F9F40A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "623BF341-D9EC-43DF-BA62-D45FDC1FE4E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6692AB-7927-4D4B-8E11-EA9B7B93836C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EE875E-DEC4-443C-8921-B4658CA2B2C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDD2CFE-61E4-436E-9D49-7F1977904EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12DB535B-9C12-4B13-8B6E-AB4EEC1CFF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6675F9A6-FA20-4AF7-B57F-85595103AA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3322B7E4-D815-40B6-836A-2D070F9D0528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A67143CC-3137-49B3-955C-43C405DB847B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CA956E-51BC-428E-9730-31797A34BE3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFC055D-9B64-428C-9D85-CFC2F27EB906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "00E6E62F-B11F-4060-8AAF-A9FA73749422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0B05CB56-6994-4F75-8015-03F554CD7D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CF35EC-CCBF-4096-BCAF-98A15DE6D78C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.7:*:*:*:*:*:*:*",
"matchCriteriaId": "42C819CC-48E9-4E85-A564-456A27481852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7B2152-3086-4094-8AE2-6E1AF9D35BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5B9CC6-C288-4E8C-AC99-D4717DBE63FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.10:*:*:*:*:*:*:*",
"matchCriteriaId": "65CD971C-EB83-4456-A368-F57B9391599A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CA877A-533B-4B60-A90B-8A958FCA2DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.16.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B71A62D9-8013-4528-8EB0-75C18435AE24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D18D2B08-C8DD-475D-8E7D-F39E8C24723B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA424995-B5E0-4C8A-862B-5290506DF94E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "43F974E2-41AF-42B2-8EE7-02724FD37673",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFD1F763-34E3-4B39-9184-6CCCD75733A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8ADF13-CEF9-400B-BACA-F64AFDEEED7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2595A0-024B-4C82-8626-9471A3FB96D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E81B04E7-FBA1-45D3-B458-3B57DF331796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.7:*:*:*:*:*:*:*",
"matchCriteriaId": "934A9FC7-1B44-4A70-83B6-21783C5BB9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.17.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A66344A0-A556-4E72-9954-CBC0FF9B900F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D266110F-6EDD-4570-8B5C-BB6A620D7510",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5489857D-D325-41D1-991C-1664EB63CF2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF34E4C1-9160-4052-951A-D08835024AC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "30E46BF1-5BC3-429B-9A16-2F95620A8FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7B3327F-8A47-4D13-A48A-3157B6318F9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90246AB1-F0C4-432B-AA2D-A644084C0C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44EAC604-FF3B-470A-9413-EBAC32DC1322",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "84E9FBA6-6418-448F-800E-970C9D08877F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98521A64-4E54-472F-AC7C-73005551CEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "421D9F1E-EF92-47E3-98D6-8C824862F7A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D85C04B-FC70-41BD-8994-B7C1AF6048BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAFD7DD4-555B-4757-B459-01B9D915A9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C7B906-87E1-44F3-AF35-5BFEF574F180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0984921F-8EAB-4740-B2CC-4269C4CF6C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F48CB557-229E-4BA5-84C6-DBEA06552D96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F27F9EA-226F-450F-A181-F100E49A90B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED9E199F-1994-4C5C-B8DB-D6002FD95AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419D7AA6-745E-4254-9743-6AC136DB1893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F1F3BE1-30BA-4780-9924-D5B0E4F50EAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3BFBE00A-3FB7-4D10-807C-67CA59B91044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E486ABD-DD1D-43A9-9783-894694E0F14C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEA4E0-8BF1-4558-88F3-D3F3D8161287",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1405C137-D923-436C-A006-F232961BAB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CD929336-FAFB-480C-8CD1-3264C3BE529B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F2B117A-2746-458B-AB77-37EB40646482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8A1B4A-59D3-4D0F-80CC-7D8F94B5699E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A12559EE-7FAC-4C21-99CC-D076E98CA137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "07B7B48B-B915-43D7-9AE4-EA1322925EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B7AE1019-67C2-4334-83DC-75754C997079",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AC0E03-C115-4B5C-9D1B-CD86B749B8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C0C7B663-4ADD-42A7-B302-975C05288BDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B9EE9B3E-C62B-4C97-A8A5-16CCAA392FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "248E90A5-6A3C-4647-891E-005DA3A46C6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:dpkg:1.15.9:*:*:*:*:*:*:*",
"matchCriteriaId": "35ECCA17-BB6A-4DDA-8F26-C84628B95A3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dpkg 1.15.9 on Debian squeeze introduces support for the \"C-style encoded filenames\" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error that allows remote attackers to conduct directory traversal attacks and modify files outside of the intended directories via a crafted source package. NOTE: this can be considered a release engineering problem in the effort to fix CVE-2014-0471."
},
{
"lang": "es",
"value": "dpkg versi\u00f3n 1.15.9 en squeeze de Debian, introduce soporte para la funcionalidad \"C-style encoded filenames\" sin reconocer que el programa parche de squeeze carece de esta caracter\u00edstica, lo que desencadena un error de interacci\u00f3n que permite a los atacantes remotos conducir ataques de salto de directorio y modificar archivos fuera de los directorios previstos por medio de un paquete fuente dise\u00f1ado. NOTA: esto se puede considerar un problema de ingenier\u00eda de versiones en el intento por corregir el CVE-2014-0471."
}
],
"id": "CVE-2014-3127",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-14T00:55:10.400",
"references": [
{
"source": "cve@mitre.org",
"url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q2/191"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/oss-sec/2014/q2/227"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/67181"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://metadata.ftp-master.debian.org/changelogs//main/d/dpkg/dpkg_1.15.10_changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q2/191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2014/q2/227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746306"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…