ID CVE-2015-0860
Summary Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.10
    cpe:2.3:o:canonical:ubuntu_linux:15.10
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
  • Debian Dpkg 1.16.0
    cpe:2.3:a:debian:dpkg:1.16.0
  • Debian Dpkg 1.16.0.1
    cpe:2.3:a:debian:dpkg:1.16.0.1
  • Debian Dpkg 1.16.0.2
    cpe:2.3:a:debian:dpkg:1.16.0.2
  • Debian Dpkg 1.16.0.3
    cpe:2.3:a:debian:dpkg:1.16.0.3
  • Debian Dpkg 1.16.1
    cpe:2.3:a:debian:dpkg:1.16.1
  • Debian Dpkg 1.16.1.1
    cpe:2.3:a:debian:dpkg:1.16.1.1
  • Debian Dpkg 1.16.1.2
    cpe:2.3:a:debian:dpkg:1.16.1.2
  • Debian Dpkg 1.16.10
    cpe:2.3:a:debian:dpkg:1.16.10
  • Debian Dpkg 1.16.11
    cpe:2.3:a:debian:dpkg:1.16.11
  • Debian Dpkg 1.16.12
    cpe:2.3:a:debian:dpkg:1.16.12
  • Debian Dpkg 1.16.2
    cpe:2.3:a:debian:dpkg:1.16.2
  • Debian Dpkg 1.16.3
    cpe:2.3:a:debian:dpkg:1.16.3
  • Debian Dpkg 1.16.4
    cpe:2.3:a:debian:dpkg:1.16.4
  • Debian Dpkg 1.16.4.1
    cpe:2.3:a:debian:dpkg:1.16.4.1
  • Debian Dpkg 1.16.4.2
    cpe:2.3:a:debian:dpkg:1.16.4.2
  • Debian Dpkg 1.16.4.3
    cpe:2.3:a:debian:dpkg:1.16.4.3
  • Debian Dpkg 1.16.5
    cpe:2.3:a:debian:dpkg:1.16.5
  • Debian Dpkg 1.16.6
    cpe:2.3:a:debian:dpkg:1.16.6
  • Debian Dpkg 1.16.7
    cpe:2.3:a:debian:dpkg:1.16.7
  • Debian Dpkg 1.16.8
    cpe:2.3:a:debian:dpkg:1.16.8
  • Debian Dpkg 1.16.9
    cpe:2.3:a:debian:dpkg:1.16.9
  • Debian dpkg 1.16.15
    cpe:2.3:a:debian:dpkg:1.16.15
  • Debian Dpkg 1.17.0
    cpe:2.3:a:debian:dpkg:1.17.0
  • Debian Dpkg 1.17.1
    cpe:2.3:a:debian:dpkg:1.17.1
  • Debian Dpkg 1.17.2
    cpe:2.3:a:debian:dpkg:1.17.2
  • Debian Dpkg 1.17.3
    cpe:2.3:a:debian:dpkg:1.17.3
  • Debian Dpkg 1.17.4
    cpe:2.3:a:debian:dpkg:1.17.4
  • Debian Dpkg 1.17.5
    cpe:2.3:a:debian:dpkg:1.17.5
  • Debian Dpkg 1.17.6
    cpe:2.3:a:debian:dpkg:1.17.6
  • Debian Dpkg 1.17.7
    cpe:2.3:a:debian:dpkg:1.17.7
  • Debian Dpkg 1.17.8
    cpe:2.3:a:debian:dpkg:1.17.8
  • Debian Dpkg 1.17.9
    cpe:2.3:a:debian:dpkg:1.17.9
  • Debian dpkg 1.17.10
    cpe:2.3:a:debian:dpkg:1.17.10
  • Debian dpkg 1.17.11
    cpe:2.3:a:debian:dpkg:1.17.11
  • Debian dpkg 1.17.12
    cpe:2.3:a:debian:dpkg:1.17.12
  • Debian dpkg 1.17.13
    cpe:2.3:a:debian:dpkg:1.17.13
  • Debian dpkg 1.17.14
    cpe:2.3:a:debian:dpkg:1.17.14
  • Debian dpkg 1.17.15
    cpe:2.3:a:debian:dpkg:1.17.15
  • Debian dpkg 1.17.16
    cpe:2.3:a:debian:dpkg:1.17.16
  • Debian dpkg 1.17.17
    cpe:2.3:a:debian:dpkg:1.17.17
  • Debian dpkg 1.17.18
    cpe:2.3:a:debian:dpkg:1.17.18
  • Debian dpkg 1.17.19
    cpe:2.3:a:debian:dpkg:1.17.19
  • Debian dpkg 1.17.20
    cpe:2.3:a:debian:dpkg:1.17.20
  • Debian dpkg 1.17.21
    cpe:2.3:a:debian:dpkg:1.17.21
  • Debian dpkg 1.17.22
    cpe:2.3:a:debian:dpkg:1.17.22
  • Debian dpkg 1.17.23
    cpe:2.3:a:debian:dpkg:1.17.23
  • Debian dpkg 1.17.24
    cpe:2.3:a:debian:dpkg:1.17.24
  • Debian Dpkg 1.17.25
    cpe:2.3:a:debian:dpkg:1.17.25
CVSS
Base: 7.5 (as of 04-12-2015 - 10:19)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3407.NASL
    description Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format. This update also includes updated translations and additional bug fixes.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87080
    published 2015-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87080
    title Debian DSA-3407-1 : dpkg - security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201612-07.NASL
    description The remote host is affected by the vulnerability described in GLSA-201612-07 (dpkg: Arbitrary code execution). Gentoo Linux developer, Hanno Böck, discovered an off-by-one error in the dpkg-deb component of dpkg, the Debian package management system, which triggers a stack-based buffer overflow. Impact: An attacker could potentially execute arbitrary code if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb). Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-12-05
    plugin id 95522
    published 2016-12-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95522
    title GLSA-201612-07 : dpkg: Arbitrary code execution
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2820-1.NASL
    description Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into unpacking a specially crafted binary package, a remote attacker could possibly use this issue to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 87108
    published 2015-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87108
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : dpkg vulnerability (USN-2820-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-1096-1.NASL
    description This update for dpkg fixes the following issues: This security issue was fixed : - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an 'old-style' Debian binary package, which triggered a stack-based buffer overflow (bsc#957160). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 99654
    published 2017-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99654
    title SUSE SLED12 / SLES12 Security Update : dpkg (SUSE-SU-2017:1096-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-0918477A60.NASL
    description New upstream version, 1.17.27. Security fix for CVE-2015-0860. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-06
    plugin id 95542
    published 2016-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95542
    title Fedora 25 : dpkg (2016-0918477a60)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-10EC03ED27.NASL
    description New upstream version, 1.17.27. Security fix for CVE-2015-0860. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 95578
    published 2016-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95578
    title Fedora 23 : dpkg (2016-10ec03ed27)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_876768AAAB1E11E58A305453ED2E2B49.NASL
    description Salvatore Bonaccorso reports : Hanno Boeck discovered a stack-based buffer overflow in the dpkg-deb component of dpkg, the Debian package management system. This flaw could potentially lead to arbitrary code execution if a user or an automated system were tricked into processing a specially crafted Debian binary package (.deb) in the old style Debian binary package format.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 87613
    published 2015-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87613
    title FreeBSD : dpkg -- stack-based buffer overflow (876768aa-ab1e-11e5-8a30-5453ed2e2b49)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-5608472A90.NASL
    description New upstream version, 1.17.27. Security fix for CVE-2015-0860. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 95580
    published 2016-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95580
    title Fedora 24 : dpkg (2016-5608472a90)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-549.NASL
    description This update for dpkg fixes the following issues : This security issue was fixed : - CVE-2015-0860: Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in dpkg allowed remote attackers to execute arbitrary code via the archive magic version number in an 'old-style' Debian binary package, which triggered a stack-based buffer overflow (bsc#957160). This update was imported from the SUSE:SLE-12-SP1:Update update project.
    last seen 2019-02-21
    modified 2017-05-09
    plugin id 100036
    published 2017-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=100036
    title openSUSE Security Update : dpkg (openSUSE-2017-549)
refmap via4
confirm
debian DSA-3407
gentoo GLSA-201612-07
misc https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html
ubuntu USN-2820-1
Last major update 04-12-2015 - 10:43
Published 03-12-2015 - 15:59
Last modified 30-06-2017 - 21:29