CVE-2014-7206
Advanced Package Tool < 1.0.9.2 - Arbitrary File Write via Symlink Attack on Changelog File
Title source: llmDescription
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
References (8)
Core 8
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61333
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3048
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61768
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/61158
Issue Tracking x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763780
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70310
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2370-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/96951
Scores
EPSS
0.0039
EPSS Percentile
30.2%
Details
CWE
CWE-59
Status
published
Products (4)
debian/advanced_package_tool
1.0.8
debian/advanced_package_tool
< 1.0.9.1
debian/apt
0.9.7.9 ubunto3 (3 CPE variants)
debian/apt
1.0.9
Published
Oct 15, 2014
Tracked Since
Feb 18, 2026