6 matches found
CVE-2014-7206
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file...
Code injection
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file...
CVE-2014-7206
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file...
CVE-2014-7206
CVE-2014-7206 affects apt’s changelog retrieval: the changelog functionality before version 1.0.9.2 allows local users to overwrite arbitrary files via a symlink-based race. Vulnerable: apt, prior to 1.0.9.2. Root cause: insecure creation/use of temporary files during changelog access. Impact: lo...
USN-2370-1: APT vulnerability
Guillem Jover discovered that APT incorrectly created a temporary file when handling the changelog command. A local attacker could use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the kernel link restrictions...
CVE-2014-7206
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file...