CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*

History

26 Jan 2024, 17:44

Type Values Removed Values Added
First Time Canonical
Debian debian Linux
Canonical ubuntu Linux
CPE cpe:2.3:a:debian:lintian:1.23.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.28:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.23:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.19:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.24.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.24.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.1.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.26:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.3.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.22:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.0-rc1:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.17:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.0-rc2:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.27:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.24:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.25:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.20:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.24.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:1.23.1:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
References (BID) http://www.securityfocus.com/bid/37975 - Patch (BID) http://www.securityfocus.com/bid/37975 - Broken Link, Patch, Third Party Advisory, VDB Entry
References (MLIST) http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html - (MLIST) http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html - Mailing List, Patch
References (DEBIAN) http://www.debian.org/security/2010/dsa-1979 - (DEBIAN) http://www.debian.org/security/2010/dsa-1979 - Third Party Advisory
References (SECUNIA) http://secunia.com/advisories/38379 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/38379 - Broken Link, Vendor Advisory
References (UBUNTU) http://www.ubuntu.com/usn/USN-891-1 - (UBUNTU) http://www.ubuntu.com/usn/USN-891-1 - Third Party Advisory
References (CONFIRM) http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog - (CONFIRM) http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog - Broken Link
References () http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d - () http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d - Broken Link
References () http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 - () http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 - Broken Link
References (SECUNIA) http://secunia.com/advisories/38375 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/38375 - Broken Link, Vendor Advisory
CVSS v2 : 7.5
v3 : unknown
v2 : 7.5
v3 : 9.8

07 Nov 2023, 02:04

Type Values Removed Values Added
References
  • {'url': 'http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00', 'name': 'http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00', 'tags': [], 'refsource': 'CONFIRM'}
  • {'url': 'http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d', 'name': 'http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d', 'tags': [], 'refsource': 'CONFIRM'}
  • () http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 -
  • () http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d -

Information

Published : 2010-02-02 16:30

Updated : 2024-02-28 11:41


NVD link : CVE-2009-4013

Mitre link : CVE-2009-4013

CVE.ORG link : CVE-2009-4013


JSON object : View

Products Affected

canonical

  • ubuntu_linux

debian

  • debian_linux
  • lintian
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')