CVE-2010-0396

Related Files

Ubuntu Security Notice 909-1

Posted Mar 11, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 909-1 - William Grant discovered that dpkg-source did not safely apply diffs when unpacking source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files outside the target unpack directory, leading to a denial of service or potentially gaining access to the system.

tags | advisory, remote, denial of service

systems | linux, ubuntu

advisories | CVE-2010-0396

SHA-256 | e03b020237a34eb10babde3dbb250d6762835d7c9f4c0e64626d3411643ef369

Download | Favorite | View

Debian Linux Security Advisory 2011-1

Posted Mar 11, 2010

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2011-1 - William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.

tags | advisory

systems | linux, debian

advisories | CVE-2010-0396

SHA-256 | f26791a518123e680e1e34a55a4fd5c04672d53c72462a13fa80c1b690ec4fe6

Download | Favorite | View