CVE-2014-7206
Published Oct 15, 2014
Last updated 5 years ago
Overview
- Description
- The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
- Source
- security@debian.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 3.6
- Impact score
- 4.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-59
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDAC8B26-1346-4622-8BFB-2AF7A1BEDD8E",
"versionEndIncluding": "1.0.9.1"
},
{
"criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E70C7BF1-F191-40F2-8247-916F1AB07FB4"
},
{
"criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06A404D3-1A48-4AAE-A2C7-399F84D35C05"
},
{
"criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BC51119-7345-4065-8BB6-74F641E4E152"
},
{
"criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43493B4D-F0AE-4B7A-8729-2DFC5FF30F00"
},
{
"criteria": "cpe:2.3:a:debian:apt:1.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0041B2D4-89F7-4A48-9026-779E7DDC0763"
}
],
"operator": "OR"
}
]
}
]