Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2014-8625
Last Modified 22 Jan 2015 08:53:41
Published 20 Jan 2015 10:59:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8625

Summary

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.

Vulnerable Systems

Application

  • Debian Dpkg 1.17.21


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768485

XF - dpkg-format-sting(98551)

MLIST - [oss-security] 20141106 Re: CVE-Request: dpkg handling of 'control' and warnings format string vulnerability

MLIST - [oss-security] 20141106 CVE-Request: dpkg handling of 'control' and warnings format string vulnerability


Last Updated: 27 May 2016 11:07:36