#VU63711 Path traversal in dpkg


Published: 2022-05-26

Vulnerability identifier: #VU63711

Vulnerability risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1664

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
dpkg
Other software / Other software solutions

Vendor: Debian Package Manager

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error in Dpkg::Source::Archive in dpkg when extracting untrusted source packages in the v2 and v3 source package formats that include a debian.tar. A remote attacker can create a specially crafted package with symbolic links that point to files outside the source tree root directory and overwrite arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

dpkg: 1.21.0 - 1.21.7, 1.20.0 - 1.20.9, 1.19.0 - 1.19.7, 1.18.0 - 1.18.25, 1.17.0 - 1.17.27, 1.16.0 - 1.16.18, 1.15.0 - 1.15.12, 1.14.0 - 1.14.31, 1.13.0 - 1.13.26, 1.2.0 - 1.2.14, 1.1.4 - 1.1.6, 1.10 - 1.10.28, 1.9.0 - 1.9.21, 1.8.0 - 1.8.3.1, 1.7.0 - 1.7.2, 1.6 - 1.6.13, 1.4.0 - 1.4.1.19, 1.3.0 - 1.3.14


External links
http://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b
http://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5
http://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495
http://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability