CVE-2013-7325

8.8 HIGH

📋 TL;DR

CVE-2013-7325 is a remote code execution vulnerability in the uscan tool of the devscripts package. Attackers can execute arbitrary code by tricking users into processing a maliciously crafted tarball. This affects systems running devscripts before version 2.13.19.

💻 Affected Systems

Products:
  • devscripts
Versions: All versions before 2.13.19
Operating Systems: Linux distributions using devscripts (Debian, Ubuntu, derivatives)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where uscan is installed and used to process tarballs. Common in Debian-based development environments.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining the privileges of the user running uscan, potentially leading to data theft, lateral movement, or persistence.

🟠 Likely Case

Local privilege escalation or arbitrary code execution in the context of the user running uscan, potentially compromising package management systems.

🟢 If Mitigated

No impact if patched or if uscan is not used to process untrusted tarballs from malicious sources.

🌐 Internet-Facing: MEDIUM - Requires user interaction to process malicious tarball, but could be delivered via package repositories or downloads.
🏢 Internal Only: LOW - Requires local user to run uscan on malicious tarball, typically limited to developers or system administrators.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user to run uscan on a malicious tarball. Proof of concept exists in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.13.19 and later

Vendor Advisory: https://security-tracker.debian.org/tracker/CVE-2013-7325

Restart Required: No

Instructions:

1. Update the devscripts package using your distribution's package manager.
2. For Debian/Ubuntu: sudo apt-get update && sudo apt-get install devscripts
3. Verify version is 2.13.19 or higher.

🔧 Temporary Workarounds

Disable uscan usage

linux

Prevent execution of uscan tool on untrusted tarballs

chmod -x /usr/bin/uscan
mv /usr/bin/uscan /usr/bin/uscan.disabled

Restrict uscan permissions

linux

Run uscan with reduced privileges using sudo restrictions

sudo visudo -f /etc/sudoers.d/uscan-restrict
Add: username ALL=(ALL) NOPASSWD: /usr/bin/uscan --safe-mode

🧯 If You Can't Patch

  • Avoid running uscan on tarballs from untrusted sources
  • Implement strict file integrity monitoring on uscan binary and related directories

🔍 How to Verify

Check if Vulnerable:

Check devscripts version: dpkg -l | grep devscripts

Check Version:

dpkg -s devscripts | grep Version

Verify Fix Applied:

Verify version is 2.13.19 or higher: dpkg -s devscripts | grep Version
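
The version check above as a script (an added example, not part of the advisory or of devscripts). It compares with Debian version ordering rather than by eye or as a plain string, since 2.13.9 is older than 2.13.19 but sorts after it lexically. The function names are hypothetical, and the sort -V fallback is an assumption for hosts without dpkg.

```shell
#!/bin/sh
# Added example: classify a devscripts version against the fixed release.
FIXED_VERSION="2.13.19"   # fixed version stated on this page

# version_ge A B: succeed when version A >= version B.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Assumed fallback for hosts without dpkg: sort -V approximates
        # dpkg ordering for versions without an epoch.
        [ "$1" = "$2" ] && return 0
        lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
        [ "$lowest" = "$2" ]
    fi
}

# uscan_status VERSION: print "patched" or "vulnerable".
uscan_status() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# installed_devscripts_version: print the installed version, or nothing
# when dpkg-query is missing or the package is not fully installed.
installed_devscripts_version() {
    command -v dpkg-query >/dev/null 2>&1 || return 0
    dpkg-query -W -f='${db:Status-Status} ${Version}\n' devscripts 2>/dev/null |
        awk '$1 == "installed" { print $2 }'
}

# check_host: report the state of the local machine.
check_host() {
    ver=$(installed_devscripts_version)
    if [ -z "$ver" ]; then
        echo "devscripts not installed"
    else
        echo "devscripts $ver: $(uscan_status "$ver")"
    fi
}

check_host
```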

📡 Detection & Monitoring

Log Indicators:

  • Unusual uscan process execution patterns
  • Suspicious tarball processing in system logs

Network Indicators:

  • Downloads of unusual tarballs followed by uscan execution

SIEM Query:

process.name:"uscan" AND process.args:"*.tar.*"
