CVE Vulnerability

CVE-2008-0302

Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.

7.2 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://packages.debian.org/changelogs/pool/main/a/apt-listchanges/apt-listchanges_2.82/changelog
http://git.madism.org/?p=apt-listchanges.git;a=commitdiff;h=1bcfbf3dc55413bb83a1782dc9a54515a963fb32 Exploit
http://www.debian.org/security/2008/dsa-1465
http://www.securityfocus.com/bid/27331
http://secunia.com/advisories/28513
http://www.ubuntu.com/usn/usn-572-1
http://secunia.com/advisories/28574
Configurations

Configuration 1

cpe:2.3:a:debian:apt-listchanges:*:*:*:*:*:*:*:*
Information

Published : 2008-01-17 02:00

Updated : 2008-09-05 09:34

NVD link : CVE-2008-0302

Mitre link : CVE-2008-0302

Products Affected

Apt-listchanges

Debian

CWE
CWE-94