Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
References
Link | Resource |
---|---|
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 | Broken Link |
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d | Broken Link |
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog | Broken Link |
http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html | Mailing List Patch |
http://secunia.com/advisories/38375 | Broken Link Vendor Advisory |
http://secunia.com/advisories/38379 | Broken Link Vendor Advisory |
http://www.debian.org/security/2010/dsa-1979 | Third Party Advisory |
http://www.securityfocus.com/bid/37975 | Broken Link Patch Third Party Advisory VDB Entry |
http://www.ubuntu.com/usn/USN-891-1 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
26 Jan 2024, 17:44
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:a:debian:lintian:1.23.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.24:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.18:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.24.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.2:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.17:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.14:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.12:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.4:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.12:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.16:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.3:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.11:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.10:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.13:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.24.1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.10:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.20:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.26:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.8:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.11:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.16:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.5:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.9:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.3:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.8:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.25:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.15:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.0-rc1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.18:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.19:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.23:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.28:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.7:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.9:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.14:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.13:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.15:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.22:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.6:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.0-rc2:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.24.2:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.6:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.7:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.2:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.4:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.27:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.6:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:* |
References |
|
|
References | (UBUNTU) http://www.ubuntu.com/usn/USN-891-1 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/37975 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/38379 - Broken Link, Vendor Advisory | |
References | (CONFIRM) http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog - Broken Link | |
References | (DEBIAN) http://www.debian.org/security/2010/dsa-1979 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/38375 - Broken Link, Vendor Advisory | |
References | (MLIST) http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html - Mailing List, Patch |
Information
Published : 2010-02-02 16:30
Updated : 2024-02-04 17:54
NVD link : CVE-2009-4013
Mitre link : CVE-2009-4013
CVE.ORG link : CVE-2009-4013
JSON object : View
Products Affected
debian
- lintian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')