CVE-2014-7206

Published Oct 15, 2014

Last updated 3 months ago

CVSS info 3.6

Overview

Description: The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
Source: security@debian.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.6
Impact score: 4.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-59

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDAC8B26-1346-4622-8BFB-2AF7A1BEDD8E",
            "versionEndIncluding": "1.0.9.1"
          },
          {
            "criteria": "cpe:2.3:a:debian:advanced_package_tool:1.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E70C7BF1-F191-40F2-8247-916F1AB07FB4"
          },
          {
            "criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06A404D3-1A48-4AAE-A2C7-399F84D35C05"
          },
          {
            "criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BC51119-7345-4065-8BB6-74F641E4E152"
          },
          {
            "criteria": "cpe:2.3:a:debian:apt:0.9.7.9:ubunto5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43493B4D-F0AE-4B7A-8729-2DFC5FF30F00"
          },
          {
            "criteria": "cpe:2.3:a:debian:apt:1.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0041B2D4-89F7-4A48-9026-779E7DDC0763"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References