Vulnerability Details : CVE-2011-0402
dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.
Products affected by CVE-2011-0402
- cpe:2.3:a:debian:dpkg:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.9.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.27:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.25:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.23:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.22:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.9.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.23:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.22:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.22:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.27:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.26:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.26:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.25:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.24:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.24:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.23:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.28:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.9.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.21:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.25:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.24:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.28:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.14.29:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:dpkg:1.15.8.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0402
1.96%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0402
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2011-0402
-
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0402
-
http://www.vupen.com/english/advisories/2011/0196
Webmail | OVH- OVH
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html
[SECURITY] Fedora 14 Update: dpkg-1.15.5.6-6.fc14
-
http://www.debian.org/security/2011/dsa-2142
Debian -- Security Information -- DSA-2142-1 dpkg
-
http://www.vupen.com/english/advisories/2011/0044
Webmail | OVH- OVHVendor Advisory
-
http://www.vupen.com/english/advisories/2011/0040
Webmail | OVH- OVHVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64614
dpkg dpkg-source symlink CVE-2011-0402 Vulnerability Report
-
http://www.securityfocus.com/bid/45703
dpkg Patches Directory Traversal Vulnerability
-
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html
[SECURITY] Fedora 13 Update: dpkg-1.15.5.6-6.fc13
-
http://www.ubuntu.com/usn/USN-1038-1
USN-1038-1: dpkg vulnerability | Ubuntu security notices
Jump to