Skip to main content

Devscripts CVE-2015-5705

HIGH
Improper Link Resolution Before File Access (CWE-59)
2017-09-06 security@debian.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 06, 2017 - 21:29 cve.org
HIGH 7.5

DescriptionCVE.org

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.

AnalysisAI

Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-59. Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. Affected products include: Devscripts Devel Team Devscripts, Fedoraproject Fedora. Version information: before 2.15.7.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2012-0212 CRITICAL
9.3 Jun 16

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary cod

CVE-2012-0211 CRITICAL
9.3 Jun 16

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary cod

CVE-2012-0210 CRITICAL
9.3 Jun 16

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system informa

CVE-2013-7085 MEDIUM POC
5.8 Dec 14

Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whi

CVE-2018-13043 CRITICAL
9.8 Jul 01

scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YA

CVE-2013-6888 HIGH
7.5 Jan 07

Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball. Rated high se

CVE-2015-5704 HIGH
7.8 Sep 25

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. Rated high s

CVE-2012-2240 HIGH
7.5 Oct 01

scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified v

CVE-2013-7050 MEDIUM
6.8 Dec 13

The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows rem

CVE-2012-2242 MEDIUM
6.8 Oct 01

scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .ds

CVE-2014-1833 MEDIUM
5.0 Feb 05

Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via

CVE-2012-2241 MEDIUM
5.0 Oct 01

scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or

Share

CVE-2015-5705 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy