Vulnerability Details : CVE-2013-6888
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
Vulnerability category: Execute code
Products affected by CVE-2013-6888
- cpe:2.3:a:devscripts_devel_team:devscripts:*:*:*:*:*:*:*:*
- cpe:2.3:a:devscripts_devel_team:devscripts:2.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:devscripts_devel_team:devscripts:2.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:devscripts_devel_team:devscripts:2.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:devscripts_devel_team:devscripts:2.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:devscripts_devel_team:devscripts:2.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:devscripts_devel_team:devscripts:2.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:devscripts_devel_team:devscripts:2.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:devscripts_devel_team:devscripts:2.13.7:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6888
10.51%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6888
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2013-6888
-
http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=02c6850d973e3e1246fde72edab27f03d63acc52
404 Not Found
-
http://www.debian.org/security/2014/dsa-2836
Debian -- Security Information -- DSA-2836-1 devscripts
-
http://www.securityfocus.com/bid/64656
Debian devscripts 'uscan' CVE-2013-6888 Remote Code Execution Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90107
Debian devscripts uscan.pl code execution CVE-2013-6888 Vulnerability Report
-
http://www.ubuntu.com/usn/USN-2084-1
USN-2084-1: devscripts vulnerability | Ubuntu security notices
-
http://marc.info/?l=oss-security&m=138900586911271&w=2
'[oss-security] [notification] CVE-2013-6888: uscan: remote code execution' - MARC
Jump to