dpkg Source Package Index: pseudo-header Processing Multiple Local Directory Traversal Vulnerability

2014-05-25T00:00:00
ID EDB-ID:39207
Type exploitdb
Reporter Raphael Geissert
Modified 2014-05-25T00:00:00

Description

dpkg Source Package Index: pseudo-header Processing Multiple Local Directory Traversal Vulnerability. CVE-2014-3865. Local exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/67727/info

dpkg is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Exploiting these issues will allow local attackers to modify files outside the destination directory and possibly gain access to the system.

dpkg 1.3.0 is vulnerable; other versions may also be affected. 

,--- exploit.patch ---
Index: index/symlink/index-file
@@ -0,0 +1,1 @@
+Escaped
`---