ID DSA-2011 Type debian Reporter Debian Modified 2010-03-10T00:00:00
Description
William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.
For the stable distribution (lenny), this problem has been fixed in version 1.14.29.
For the testing (squeeze) and unstable (sid) distribution this problem will be fixed soon.
{"cve": [{"lastseen": "2017-08-17T11:14:42", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/56887", "http://www.vupen.com/english/advisories/2010/0582", "http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz", "http://www.debian.org/security/2010/dsa-2011"], "description": "Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.", "edition": 2, "reporter": "NVD", "published": "2010-03-15T09:28:25", "title": "CVE-2010-0396", "type": "cve", "enchantments": {"score": {"modified": "2017-08-17T11:14:42", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2010-0396"], "scanner": [], "modified": "2017-08-16T21:31:59", "cpe": ["cpe:/a:debian:dpkg:1.10.14", "cpe:/a:debian:dpkg:1.9.20", "cpe:/a:debian:dpkg:1.13.3", "cpe:/a:debian:dpkg:1.13.13", "cpe:/a:debian:dpkg:1.10", "cpe:/a:debian:dpkg:1.10.23", "cpe:/a:debian:dpkg:1.13.8", "cpe:/a:debian:dpkg:1.10.18.1", "cpe:/a:debian:dpkg:1.14.0", "cpe:/a:debian:dpkg:1.10.17", "cpe:/a:debian:dpkg:1.14.1", "cpe:/a:debian:dpkg:1.10.27", "cpe:/a:debian:dpkg:1.9.21", "cpe:/a:debian:dpkg:1.13.11", "cpe:/a:debian:dpkg:1.14.22", "cpe:/a:debian:dpkg:1.13.4", "cpe:/a:debian:dpkg:1.13.11.1", "cpe:/a:debian:dpkg:1.14.16.2", "cpe:/a:debian:dpkg:1.14.16.4", "cpe:/a:debian:dpkg:1.14.3", "cpe:/a:debian:dpkg:1.13.24", "cpe:/a:debian:dpkg:1.14.12", "cpe:/a:debian:dpkg:1.10.10", "cpe:/a:debian:dpkg:1.14.10", "cpe:/a:debian:dpkg:1.14.28", "cpe:/a:debian:dpkg:1.10.19", "cpe:/a:debian:dpkg:1.13.14", "cpe:/a:debian:dpkg:1.13.25", "cpe:/a:debian:dpkg:1.14.24", "cpe:/a:debian:dpkg:1.13.6", "cpe:/a:debian:dpkg:1.13.5", "cpe:/a:debian:dpkg:1.13.0", "cpe:/a:debian:dpkg:1.14.14", "cpe:/a:debian:dpkg:1.14.19", "cpe:/a:debian:dpkg:1.10.24", "cpe:/a:debian:dpkg:1.14.11", "cpe:/a:debian:dpkg:1.14.23", "cpe:/a:debian:dpkg:1.10.5", "cpe:/a:debian:dpkg:1.14.17", "cpe:/a:debian:dpkg:1.14.16.6", "cpe:/a:debian:dpkg:1.10.13", "cpe:/a:debian:dpkg:1.14.5", "cpe:/a:debian:dpkg:1.10.21", "cpe:/a:debian:dpkg:1.14.27", "cpe:/a:debian:dpkg:1.10.1", "cpe:/a:debian:dpkg:1.10.4", "cpe:/a:debian:dpkg:1.14.21", "cpe:/a:debian:dpkg:1.10.16", "cpe:/a:debian:dpkg:1.14.13", "cpe:/a:debian:dpkg:1.14.16", "cpe:/a:debian:dpkg:1.14.16.3", "cpe:/a:debian:dpkg:1.14.20", "cpe:/a:debian:dpkg:1.13.9", "cpe:/a:debian:dpkg:1.10.18", "cpe:/a:debian:dpkg:1.14.6", "cpe:/a:debian:dpkg:1.14.16.5", "cpe:/a:debian:dpkg:1.13.12", "cpe:/a:debian:dpkg:1.13.1", "cpe:/a:debian:dpkg:1.14.2", "cpe:/a:debian:dpkg:1.13.20", "cpe:/a:debian:dpkg:1.14.25", "cpe:/a:debian:dpkg:1.10.22", "cpe:/a:debian:dpkg:1.14.15", "cpe:/a:debian:dpkg:1.14.26", "cpe:/a:debian:dpkg:1.13.15", "cpe:/a:debian:dpkg:1.13.22", "cpe:/a:debian:dpkg:1.10.26", "cpe:/a:debian:dpkg:1.14.7", "cpe:/a:debian:dpkg:1.10.7", "cpe:/a:debian:dpkg:1.10.6", "cpe:/a:debian:dpkg:1.13.10", "cpe:/a:debian:dpkg:1.14.16.1", "cpe:/a:debian:dpkg:1.14.4", "cpe:/a:debian:dpkg:1.10.11", "cpe:/a:debian:dpkg:1.13.18", "cpe:/a:debian:dpkg:1.13.2", "cpe:/a:debian:dpkg:1.13.17", "cpe:/a:debian:dpkg:1.14.8", "cpe:/a:debian:dpkg:1.10.12", "cpe:/a:debian:dpkg:1.14.18", "cpe:/a:debian:dpkg:1.14.9", "cpe:/a:debian:dpkg:1.10.8", "cpe:/a:debian:dpkg:1.10.20", "cpe:/a:debian:dpkg:1.10.2", "cpe:/a:debian:dpkg:1.10.28", "cpe:/a:debian:dpkg:1.10.9", "cpe:/a:debian:dpkg:1.13.23", "cpe:/a:debian:dpkg:1.9.19", "cpe:/a:debian:dpkg:1.10.25", "cpe:/a:debian:dpkg:1.10.3", "cpe:/a:debian:dpkg:1.13.16", "cpe:/a:debian:dpkg:1.13.21", "cpe:/a:debian:dpkg:1.13.7", "cpe:/a:debian:dpkg:1.10.15", "cpe:/a:debian:dpkg:1.13.19"], "id": "CVE-2010-0396", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0396", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2018-01-17T11:05:58", "references": [], "pluginID": "136141256231067034", "description": "The remote host is missing an update to dpkg\nannounced via advisory DSA 2011-1.", "edition": 1, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-03-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 2011-1 (dpkg)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2018-01-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231067034", "id": "OPENVAS:136141256231067034", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2011_1.nasl 8438 2018-01-16 17:38:23Z teissa $\n# Description: Auto-generated from advisory DSA 2011-1 (dpkg)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"William Grant discovered that the dpkg-source component of dpkg, the\nlow-level infrastructure for handling the installation and removal of\nDebian software packages, is vulnerable to path traversal attacks.\nA specially crafted Debian source package can lead to file modification\noutside of the destination directory when extracting the package content.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.14.29.\n\nFor the testing (squeeze) and unstable (sid) distribution this problem\nwill be fixed soon.\n\nWe recommend that you upgrade your dpkg packages.\";\ntag_summary = \"The remote host is missing an update to dpkg\nannounced via advisory DSA 2011-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202011-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.67034\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-16 17:25:39 +0100 (Tue, 16 Mar 2010)\");\n script_cve_id(\"CVE-2010-0396\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 2011-1 (dpkg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.14.29\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.14.29\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.14.29\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:29", "references": [], "pluginID": "67034", "description": "The remote host is missing an update to dpkg\nannounced via advisory DSA 2011-1.", "edition": 2, "reporter": "Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com", "published": "2010-03-16T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 2011-1 (dpkg)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=67034", "id": "OPENVAS:67034", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2011_1.nasl 6614 2017-07-07 12:09:12Z cfischer $\n# Description: Auto-generated from advisory DSA 2011-1 (dpkg)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"William Grant discovered that the dpkg-source component of dpkg, the\nlow-level infrastructure for handling the installation and removal of\nDebian software packages, is vulnerable to path traversal attacks.\nA specially crafted Debian source package can lead to file modification\noutside of the destination directory when extracting the package content.\n\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.14.29.\n\nFor the testing (squeeze) and unstable (sid) distribution this problem\nwill be fixed soon.\n\nWe recommend that you upgrade your dpkg packages.\";\ntag_summary = \"The remote host is missing an update to dpkg\nannounced via advisory DSA 2011-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202011-1\";\n\n\nif(description)\n{\n script_id(67034);\n script_version(\"$Revision: 6614 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:12 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-16 17:25:39 +0100 (Tue, 16 Mar 2010)\");\n script_cve_id(\"CVE-2010-0396\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 2011-1 (dpkg)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.14.29\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.14.29\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.14.29\", rls:\"DEB5.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:18:17", "references": ["http://www.ubuntu.com/usn/usn-909-1/", "909-1"], "pluginID": "840398", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-909-1", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Ubuntu Update for dpkg vulnerability USN-909-1", "type": "openvas", "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840398", "id": "OPENVAS:840398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_909_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for dpkg vulnerability USN-909-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"William Grant discovered that dpkg-source did not safely apply diffs\n when unpacking source packages. If a user or an automated system were\n tricked into unpacking a specially crafted source package, a remote\n attacker could modify files outside the target unpack directory, leading\n to a denial of service or potentially gaining access to the system.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-909-1\";\ntag_affected = \"dpkg vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-909-1/\");\n script_id(840398);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"909-1\");\n script_cve_id(\"CVE-2010-0396\");\n script_name(\"Ubuntu Update for dpkg vulnerability USN-909-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.14.24ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.14.24ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.14.24ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.13.11ubuntu7.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.13.11ubuntu7.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.13.11ubuntu7.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.14.20ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.14.20ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.14.20ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.14.16.6ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.14.16.6ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.14.16.6ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.15.4ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.15.4ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.15.4ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-26T11:05:48", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037646.html", "2010-4371"], "pluginID": "1361412562310861786", "description": "Check for the Version of dpkg", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-22T00:00:00", "title": "Fedora Update for dpkg FEDORA-2010-4371", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2018-01-25T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861786", "id": "OPENVAS:1361412562310861786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dpkg FEDORA-2010-4371\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This package contains the tools (including dpkg-source) required\n to unpack, build and upload Debian source packages.\n\n This package also contains the programs dpkg which used to handle the\n installation and removal of packages on a Debian system.\n \n This package also contains dselect, an interface for managing the\n installation and removal of packages on the system.\n \n dpkg and dselect will certainly be non-functional on a rpm-based system\n because packages dependencies will likely be unmet.\";\n\ntag_affected = \"dpkg on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037646.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861786\");\n script_version(\"$Revision: 8528 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-25 08:57:36 +0100 (Thu, 25 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-4371\");\n script_cve_id(\"CVE-2010-0396\");\n script_name(\"Fedora Update for dpkg FEDORA-2010-4371\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dpkg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"dpkg\", rpm:\"dpkg~1.15.5.6~4.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-15T11:58:15", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037592.html", "2010-4344"], "pluginID": "861789", "description": "Check for the Version of dpkg", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-22T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Fedora Update for dpkg FEDORA-2010-4344", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2017-12-15T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861789", "id": "OPENVAS:861789", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dpkg FEDORA-2010-4344\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This package contains the tools (including dpkg-source) required\n to unpack, build and upload Debian source packages.\n\n This package also contains the programs dpkg which used to handle the\n installation and removal of packages on a Debian system.\n \n This package also contains dselect, an interface for managing the\n installation and removal of packages on the system.\n \n dpkg and dselect will certainly be non-functional on a rpm-based system\n because packages dependencies will likely be unmet.\";\n\ntag_affected = \"dpkg on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037592.html\");\n script_id(861789);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-4344\");\n script_cve_id(\"CVE-2010-0396\");\n script_name(\"Fedora Update for dpkg FEDORA-2010-4344\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dpkg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"dpkg\", rpm:\"dpkg~1.15.5.6~4.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:05:15", "references": ["http://www.ubuntu.com/usn/usn-909-1/", "909-1"], "pluginID": "1361412562310840398", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-909-1", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-12T00:00:00", "title": "Ubuntu Update for dpkg vulnerability USN-909-1", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2018-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840398", "id": "OPENVAS:1361412562310840398", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_909_1.nasl 8447 2018-01-17 16:12:19Z teissa $\n#\n# Ubuntu Update for dpkg vulnerability USN-909-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"William Grant discovered that dpkg-source did not safely apply diffs\n when unpacking source packages. If a user or an automated system were\n tricked into unpacking a specially crafted source package, a remote\n attacker could modify files outside the target unpack directory, leading\n to a denial of service or potentially gaining access to the system.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-909-1\";\ntag_affected = \"dpkg vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 8.10 ,\n Ubuntu 9.04 ,\n Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-909-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840398\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-12 17:02:32 +0100 (Fri, 12 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"909-1\");\n script_cve_id(\"CVE-2010-0396\");\n script_name(\"Ubuntu Update for dpkg vulnerability USN-909-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.14.24ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.14.24ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.14.24ubuntu1.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.13.11ubuntu7.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.13.11ubuntu7.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.13.11ubuntu7.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.14.20ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.14.20ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.14.20ubuntu6.3\", rls:\"UBUNTU8.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.14.16.6ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.14.16.6ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.14.16.6ubuntu4.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"dpkg\", ver:\"1.15.4ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dselect\", ver:\"1.15.4ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"dpkg-dev\", ver:\"1.15.4ubuntu2.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:34", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037646.html", "2010-4371"], "pluginID": "861786", "description": "Check for the Version of dpkg", "edition": 3, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-22T00:00:00", "title": "Fedora Update for dpkg FEDORA-2010-4371", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2017-12-26T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=861786", "id": "OPENVAS:861786", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dpkg FEDORA-2010-4371\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This package contains the tools (including dpkg-source) required\n to unpack, build and upload Debian source packages.\n\n This package also contains the programs dpkg which used to handle the\n installation and removal of packages on a Debian system.\n \n This package also contains dselect, an interface for managing the\n installation and removal of packages on the system.\n \n dpkg and dselect will certainly be non-functional on a rpm-based system\n because packages dependencies will likely be unmet.\";\n\ntag_affected = \"dpkg on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037646.html\");\n script_id(861786);\n script_version(\"$Revision: 8245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 07:29:59 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-4371\");\n script_cve_id(\"CVE-2010-0396\");\n script_name(\"Fedora Update for dpkg FEDORA-2010-4371\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dpkg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"dpkg\", rpm:\"dpkg~1.15.5.6~4.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:05:15", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037592.html", "2010-4344"], "pluginID": "1361412562310861789", "description": "Check for the Version of dpkg", "edition": 1, "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "published": "2010-03-22T00:00:00", "type": "openvas", "title": "Fedora Update for dpkg FEDORA-2010-4344", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2018-01-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861789", "id": "OPENVAS:1361412562310861789", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for dpkg FEDORA-2010-4344\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This package contains the tools (including dpkg-source) required\n to unpack, build and upload Debian source packages.\n\n This package also contains the programs dpkg which used to handle the\n installation and removal of packages on a Debian system.\n \n This package also contains dselect, an interface for managing the\n installation and removal of packages on the system.\n \n dpkg and dselect will certainly be non-functional on a rpm-based system\n because packages dependencies will likely be unmet.\";\n\ntag_affected = \"dpkg on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037592.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861789\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-22 11:34:53 +0100 (Mon, 22 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-4344\");\n script_cve_id(\"CVE-2010-0396\");\n script_name(\"Fedora Update for dpkg FEDORA-2010-4344\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of dpkg\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"dpkg\", rpm:\"dpkg~1.15.5.6~4.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-02T00:06:15", "references": ["http://seclists.org/fulldisclosure/2010/Mar/201", "http://www.nessus.org/u?4faba192", "https://bugzilla.redhat.com/show_bug.cgi?id=572522"], "pluginID": "47362", "description": "This update fixes CVE-2010-0396 - dpkg path traversal issue * http://www.debian.org/security/2010/dsa-2011 * http://seclists.org/fulldisclosure/2010/Mar/201\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 4, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 13 : dpkg-1.15.5.6-4.fc13 (2010-4410)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2015-10-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:dpkg"], "id": "FEDORA_2010-4410.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47362", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4410.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47362);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/20 21:38:17 $\");\n\n script_cve_id(\"CVE-2010-0396\");\n script_xref(name:\"DSA\", value:\"2011\");\n script_xref(name:\"FEDORA\", value:\"2010-4410\");\n\n script_name(english:\"Fedora 13 : dpkg-1.15.5.6-4.fc13 (2010-4410)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2010-0396 - dpkg path traversal issue *\nhttp://www.debian.org/security/2010/dsa-2011 *\nhttp://seclists.org/fulldisclosure/2010/Mar/201\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://seclists.org/fulldisclosure/2010/Mar/201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=572522\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037617.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4faba192\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dpkg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dpkg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"dpkg-1.15.5.6-4.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dpkg\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:11:18", "references": ["http://seclists.org/fulldisclosure/2010/Mar/201", "https://bugzilla.redhat.com/show_bug.cgi?id=572522", "http://www.nessus.org/u?7354460a"], "pluginID": "47357", "description": "This update fixes CVE-2010-0396 - dpkg path traversal issue * http://www.debian.org/security/2010/dsa-2011 * http://seclists.org/fulldisclosure/2010/Mar/201\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 11 : dpkg-1.15.5.6-4.fc11 (2010-4344)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:dpkg", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-4344.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47357", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4344.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47357);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2010-0396\");\n script_xref(name:\"DSA\", value:\"2011\");\n script_xref(name:\"FEDORA\", value:\"2010-4344\");\n\n script_name(english:\"Fedora 11 : dpkg-1.15.5.6-4.fc11 (2010-4344)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2010-0396 - dpkg path traversal issue *\nhttp://www.debian.org/security/2010/dsa-2011 *\nhttp://seclists.org/fulldisclosure/2010/Mar/201\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://seclists.org/fulldisclosure/2010/Mar/201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=572522\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037592.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7354460a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dpkg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dpkg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"dpkg-1.15.5.6-4.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dpkg\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:55:09", "references": ["http://www.debian.org/security/2010/dsa-2011"], "pluginID": "45027", "description": "William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.", "edition": 5, "reporter": "Tenable", "published": "2010-03-11T00:00:00", "title": "Debian DSA-2011-1 : dpkg - path traversal", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2018-08-09T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:dpkg", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2011.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45027", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2011. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45027);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/08/09 17:06:37\");\n\n script_cve_id(\"CVE-2010-0396\");\n script_xref(name:\"DSA\", value:\"2011\");\n\n script_name(english:\"Debian DSA-2011-1 : dpkg - path traversal\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"William Grant discovered that the dpkg-source component of dpkg, the\nlow-level infrastructure for handling the installation and removal of\nDebian software packages, is vulnerable to path traversal attacks. A\nspecially crafted Debian source package can lead to file modification\noutside of the destination directory when extracting the package\ncontent.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2010/dsa-2011\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the dpkg packages.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.14.29.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dpkg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"dpkg\", reference:\"1.14.29\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"dpkg-dev\", reference:\"1.14.29\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"dselect\", reference:\"1.14.29\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:53:21", "references": [], "pluginID": "45038", "description": "William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2010-03-11T00:00:00", "title": "Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : dpkg vulnerability (USN-909-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2018-08-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:dpkg-dev", "p-cpe:/a:canonical:ubuntu_linux:dpkg", "p-cpe:/a:canonical:ubuntu_linux:dselect", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "id": "UBUNTU_USN-909-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=45038", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-909-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(45038);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/08/15 12:24:49\");\n\n script_cve_id(\"CVE-2010-0396\");\n script_xref(name:\"USN\", value:\"909-1\");\n\n script_name(english:\"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : dpkg vulnerability (USN-909-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"William Grant discovered that dpkg-source did not safely apply diffs\nwhen unpacking source packages. If a user or an automated system were\ntricked into unpacking a specially crafted source package, a remote\nattacker could modify files outside the target unpack directory,\nleading to a denial of service or potentially gaining access to the\nsystem.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected dpkg, dpkg-dev and / or dselect packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dpkg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dpkg-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:dselect\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2010-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(6\\.06|8\\.04|8\\.10|9\\.04|9\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"6.06\", pkgname:\"dpkg\", pkgver:\"1.13.11ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"dpkg-dev\", pkgver:\"1.13.11ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"dselect\", pkgver:\"1.13.11ubuntu7.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"dpkg\", pkgver:\"1.14.16.6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"dpkg-dev\", pkgver:\"1.14.16.6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.04\", pkgname:\"dselect\", pkgver:\"1.14.16.6ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"dpkg\", pkgver:\"1.14.20ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"dpkg-dev\", pkgver:\"1.14.20ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"dselect\", pkgver:\"1.14.20ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"dpkg\", pkgver:\"1.14.24ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"dpkg-dev\", pkgver:\"1.14.24ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.04\", pkgname:\"dselect\", pkgver:\"1.14.24ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"dpkg\", pkgver:\"1.15.4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"dpkg-dev\", pkgver:\"1.15.4ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"dselect\", pkgver:\"1.15.4ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dpkg / dpkg-dev / dselect\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:52:13", "references": ["http://seclists.org/fulldisclosure/2010/Mar/201", "https://bugzilla.redhat.com/show_bug.cgi?id=572522", "http://www.nessus.org/u?77cf4feb"], "pluginID": "47359", "description": "This update fixes CVE-2010-0396 - dpkg path traversal issue * http://www.debian.org/security/2010/dsa-2011 * http://seclists.org/fulldisclosure/2010/Mar/201\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2010-07-01T00:00:00", "title": "Fedora 12 : dpkg-1.15.5.6-4.fc12 (2010-4371)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0396"], "modified": "2018-07-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:dpkg", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-4371.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=47359", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-4371.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(47359);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/07/12 15:01:52\");\n\n script_cve_id(\"CVE-2010-0396\");\n script_xref(name:\"DSA\", value:\"2011\");\n script_xref(name:\"FEDORA\", value:\"2010-4371\");\n\n script_name(english:\"Fedora 12 : dpkg-1.15.5.6-4.fc12 (2010-4371)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes CVE-2010-0396 - dpkg path traversal issue *\nhttp://www.debian.org/security/2010/dsa-2011 *\nhttp://seclists.org/fulldisclosure/2010/Mar/201\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://seclists.org/fulldisclosure/2010/Mar/201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=572522\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/037646.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77cf4feb\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected dpkg package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:dpkg\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"dpkg-1.15.5.6-4.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"dpkg\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:59", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0396"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "9.04", "packageVersion": "1.14.24ubuntu1.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "dpkg-dev", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.14.16.6ubuntu4.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "dpkg-dev", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "1.14.20ubuntu6.3", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "dpkg-dev", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "9.10", "packageVersion": "1.15.4ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "dpkg-dev", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "6.06", "packageVersion": "1.13.11ubuntu7.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "dpkg-dev", "operator": "lt"}], "description": "William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.", "edition": 3, "reporter": "Ubuntu", "published": "2010-03-11T00:00:00", "title": "dpkg vulnerability", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2010-0396"], "modified": "2010-03-11T00:00:00", "id": "USN-909-1", "href": "https://usn.ubuntu.com/909-1/", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:33", "references": [], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2011-1 security@debian.org\r\nhttp://www.debian.org/security/ Nico Golde\r\nMarch 10th, 2010 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : dpkg\r\nVulnerability : path traversal\r\nProblem type : local\r\nDebian-specific: yes\r\nDebian bug : none\r\nCVE ID : CVE-2010-0396\r\n\r\nWilliam Grant discovered that the dpkg-source component of dpkg, the\r\nlow-level infrastructure for handling the installation and removal of\r\nDebian software packages, is vulnerable to path traversal attacks.\r\nA specially crafted Debian source package can lead to file modification\r\noutside of the destination directory when extracting the package content.\r\n\r\n\r\nFor the stable distribution (lenny), this problem has been fixed in\r\nversion 1.14.29.\r\n\r\nFor the testing (squeeze) and unstable (sid) distribution this problem\r\nwill be fixed soon.\r\n\r\nWe recommend that you upgrade your dpkg packages.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 5.0 alias lenny\r\n- --------------------------------\r\n\r\nDebian (stable)\r\n- ---------------\r\n\r\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and\r\nsparc.\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.dsc\r\n Size/MD5 checksum: 1544 7cf187bdb138606465a626f30da65423\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29.tar.gz\r\n Size/MD5 checksum: 6849885 4326172a959b5b6484b4bc126e9f628d\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg-dev_1.14.29_all.deb\r\n Size/MD5 checksum: 770984 76f021d6ddbbd0726f123cc993f55b40\r\n\r\nalpha architecture (DEC Alpha)\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_alpha.deb\r\n Size/MD5 checksum: 2446040 96fe37e062b47c64faf2e16463265d15\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_alpha.deb\r\n Size/MD5 checksum: 814066 bc68e19e69ec46a769780a68fef862a8\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_amd64.deb\r\n Size/MD5 checksum: 2400244 0e38c74c3fd8cd11d3112b950e1fd42a\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_amd64.deb\r\n Size/MD5 checksum: 800106 6e1ef50a9e0821d4087ffd22aa71d031\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_arm.deb\r\n Size/MD5 checksum: 2364912 308e279965adbc2d10a1131978b71fc1\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_arm.deb\r\n Size/MD5 checksum: 798628 d891c19e779426db56070820c52ed52e\r\n\r\narmel architecture (ARM EABI)\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_armel.deb\r\n Size/MD5 checksum: 797176 3ade9a406bb32f8e82205d78572c6f6a\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_armel.deb\r\n Size/MD5 checksum: 2361596 6e781e9051ecb40ae4b3dc89226d5f60\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_hppa.deb\r\n Size/MD5 checksum: 2414914 dea419be797918c210c7f2ea81b968a2\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_hppa.deb\r\n Size/MD5 checksum: 812730 1b7ad0f69ef081f68c50df9023581d6f\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_i386.deb\r\n Size/MD5 checksum: 800424 66ebb60ebc836702afbe8cae59a39f35\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_i386.deb\r\n Size/MD5 checksum: 2354472 d81c926899c940f03190ea74bfbecb7f\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_ia64.deb\r\n Size/MD5 checksum: 2606008 72fc1c9a4081e5d90bb1f7735b334f2b\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_ia64.deb\r\n Size/MD5 checksum: 842398 3ae67b486742d05ab49fe82c5d56521f\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_mips.deb\r\n Size/MD5 checksum: 2406768 78bd15417766928cc79d1950b02a0fac\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_mips.deb\r\n Size/MD5 checksum: 809606 a897741ac7876f70f9e69477eab3fe12\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_mipsel.deb\r\n Size/MD5 checksum: 811048 85bc3ad6ef312571f1e707f7b6136fd3\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_mipsel.deb\r\n Size/MD5 checksum: 2402126 4ac9b517d9a39e37d05f0efdc131b93f\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_powerpc.deb\r\n Size/MD5 checksum: 2398050 3b98a0fe1f17e38905d189676fec7246\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_powerpc.deb\r\n Size/MD5 checksum: 808874 88e02c80992df57289ce52b5cc032c3d\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_s390.deb\r\n Size/MD5 checksum: 2409406 7ca42e53f5a74e7381307fd5ca19b7a8\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_s390.deb\r\n Size/MD5 checksum: 800334 161afe75a681ff023995bc5764e49947\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/d/dpkg/dpkg_1.14.29_sparc.deb\r\n Size/MD5 checksum: 2357888 2e1be7c5b81f5c9e66946396922b40ff\r\n http://security.debian.org/pool/updates/main/d/dpkg/dselect_1.14.29_sparc.deb\r\n Size/MD5 checksum: 798754 4709cd55f7f47a5fe2e82df17c019821\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkuYBasACgkQHYflSXNkfP+sVACfU0jETaPVlC8d5DaywaxXJ3k0\r\nyxYAnjDM0XUFKMfF+8skcAMofXav4B/L\r\n=8hIj\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2010-03-11T00:00:00", "title": "[SECURITY] [DSA 2011-1] New dpkg packages fix path traversal", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:33", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2010-0396"], "modified": "2010-03-11T00:00:00", "id": "SECURITYVULNS:DOC:23369", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23369", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:36", "references": ["https://vulners.com/securityvulns/securityvulns:doc:25453", "https://vulners.com/securityvulns/securityvulns:doc:23369"], "description": "Directory traversal on package content extraction.", "edition": 1, "reporter": "BUGTRAQ", "published": "2011-01-07T00:00:00", "title": "dpkg directory traversal", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:36", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "dpkg", "version": "1.14", "operator": "eq"}], "cvelist": ["CVE-2010-0396", "CVE-2010-1679"], "modified": "2011-01-07T00:00:00", "id": "SECURITYVULNS:VULN:10689", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10689", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
