9.8

CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianLintian Version >= 1.23.0 <= 1.23.28
DebianLintian Version >= 1.24.0 <= 1.24.2.1
DebianLintian Version >= 2.0.0 < 2.3.2
DebianDebian Linux Version4.0
DebianDebian Linux Version5.0
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version9.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.68% 0.92
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00
Broken Link
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d
Broken Link
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog
Broken Link
http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html
Patch
Mailing List
http://secunia.com/advisories/38375
Vendor Advisory
Broken Link
http://secunia.com/advisories/38379
Vendor Advisory
Broken Link
http://www.debian.org/security/2010/dsa-1979
Third Party Advisory
http://www.securityfocus.com/bid/37975
Patch
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/USN-891-1
Third Party Advisory