CVE-2010-0396

Product:
debian: dpkg 1.10
debian: dpkg 1.10.1
debian: dpkg 1.10.10
debian: dpkg 1.10.11
debian: dpkg 1.10.12
debian: dpkg 1.10.13
debian: dpkg 1.10.14
debian: dpkg 1.10.15
debian: dpkg 1.10.16
debian: dpkg 1.10.17
debian: dpkg 1.10.18
debian: dpkg 1.10.18.1
debian: dpkg 1.10.19
debian: dpkg 1.10.2
debian: dpkg 1.10.20
debian: dpkg 1.10.21
debian: dpkg 1.10.22
debian: dpkg 1.10.23
debian: dpkg 1.10.24
debian: dpkg 1.10.25
debian: dpkg 1.10.26
debian: dpkg 1.10.27
debian: dpkg 1.10.28
debian: dpkg 1.10.3
debian: dpkg 1.10.4
debian: dpkg 1.10.5
debian: dpkg 1.10.6
debian: dpkg 1.10.7
debian: dpkg 1.10.8
debian: dpkg 1.10.9
debian: dpkg 1.13.0
debian: dpkg 1.13.1
debian: dpkg 1.13.10
debian: dpkg 1.13.11
debian: dpkg 1.13.11.1
debian: dpkg 1.13.12
debian: dpkg 1.13.13
debian: dpkg 1.13.14
debian: dpkg 1.13.15
debian: dpkg 1.13.16
debian: dpkg 1.13.17
debian: dpkg 1.13.18
debian: dpkg 1.13.19
debian: dpkg 1.13.2
debian: dpkg 1.13.20
debian: dpkg 1.13.21
debian: dpkg 1.13.22
debian: dpkg 1.13.23
debian: dpkg 1.13.24
debian: dpkg 1.13.25
debian: dpkg 1.13.3
debian: dpkg 1.13.4
debian: dpkg 1.13.5
debian: dpkg 1.13.6
debian: dpkg 1.13.7
debian: dpkg 1.13.8
debian: dpkg 1.13.9
debian: dpkg 1.14.0
debian: dpkg 1.14.1
debian: dpkg 1.14.10
debian: dpkg 1.14.11
debian: dpkg 1.14.12
debian: dpkg 1.14.13
debian: dpkg 1.14.14
debian: dpkg 1.14.15
debian: dpkg 1.14.16
debian: dpkg 1.14.16.1
debian: dpkg 1.14.16.2
debian: dpkg 1.14.16.3
debian: dpkg 1.14.16.4
debian: dpkg 1.14.16.5
debian: dpkg 1.14.16.6
debian: dpkg 1.14.17
debian: dpkg 1.14.18
debian: dpkg 1.14.19
debian: dpkg 1.14.2
debian: dpkg 1.14.20
debian: dpkg 1.14.21
debian: dpkg 1.14.22
debian: dpkg 1.14.23
debian: dpkg 1.14.24
debian: dpkg 1.14.25
debian: dpkg 1.14.26
debian: dpkg 1.14.27
debian: dpkg 1.14.28
debian: dpkg 1.14.3
debian: dpkg 1.14.4
debian: dpkg 1.14.5
debian: dpkg 1.14.6
debian: dpkg 1.14.7
debian: dpkg 1.14.8
debian: dpkg 1.14.9
debian: dpkg 1.9.19
debian: dpkg 1.9.20
debian: dpkg 1.9.21

Severity: Medium (5.8)

CVSS vector: (AV:N/AC:M/Au:N/C:N/I:P/A:P)

Attack`s vector: Victim must voluntarily interact with attack mechanism

Potential loss type: Integrity, Availability

Vulnerability description:
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.

Patch available: Yes

References:
DEBIAN: http://www.debian.org/security/2010/dsa-2011
CONFIRM: http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.g ...
XF: http://xforce.iss.net/xforce/xfdb/56887
VUPEN: http://www.vupen.com/english/advisories/2010/0582