Vulnerability in Debian Advanced_package_tool

CVE-2014-7206

The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.

EPSS: 0.004 (30.2th percentile) — read the EPSS interpretation.

Affected products

Debian Advanced_package_tool — versions 1.0.8
Debian Apt — versions 0.9.7.9, 1.0.9
N/a — versions n/a

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access

References

security@debian.org (x_refsource_SECUNIA, third-party-advisory)
security@debian.org (vendor-advisory, x_refsource_DEBIAN, Vendor Advisory)
security@debian.org (x_refsource_SECUNIA, third-party-advisory)
security@debian.org (x_refsource_SECUNIA, third-party-advisory)
security@debian.org (x_refsource_CONFIRM)
security@debian.org (vdb-entry, x_refsource_BID)
security@debian.org (x_refsource_UBUNTU, vendor-advisory, Vendor Advisory)
security@debian.org (vdb-entry, x_refsource_XF)