Vulnerability Description
Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Apt-Listchanges | <= 2.81 |
Related Weaknesses (CWE)
References
- http://git.madism.org/?p=apt-listchanges.git%3Ba=commitdiff%3Bh=1bcfbf3dc55413bb
- http://packages.debian.org/changelogs/pool/main/a/apt-listchanges/apt-listchange
- http://secunia.com/advisories/28513
- http://secunia.com/advisories/28574
- http://www.debian.org/security/2008/dsa-1465
- http://www.securityfocus.com/bid/27331
- http://www.ubuntu.com/usn/usn-572-1
- http://git.madism.org/?p=apt-listchanges.git%3Ba=commitdiff%3Bh=1bcfbf3dc55413bb
- http://packages.debian.org/changelogs/pool/main/a/apt-listchanges/apt-listchange
- http://secunia.com/advisories/28513
- http://secunia.com/advisories/28574
- http://www.debian.org/security/2008/dsa-1465
- http://www.securityfocus.com/bid/27331
- http://www.ubuntu.com/usn/usn-572-1
FAQ
What is CVE-2008-0302?
CVE-2008-0302 is a vulnerability with a CVSS score of 7.2 (HIGH). Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working dir...
How severe is CVE-2008-0302?
CVE-2008-0302 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0302?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Apt-Listchanges.