Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
References
Link | Resource |
---|---|
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 | Broken Link |
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d | Broken Link |
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog | Broken Link |
http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html | Mailing List Patch |
http://secunia.com/advisories/38375 | Broken Link Vendor Advisory |
http://secunia.com/advisories/38379 | Broken Link Vendor Advisory |
http://www.debian.org/security/2010/dsa-1979 | Third Party Advisory |
http://www.securityfocus.com/bid/37975 | Broken Link Patch Third Party Advisory VDB Entry |
http://www.ubuntu.com/usn/USN-891-1 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
26 Jan 2024, 17:44
Type | Values Removed | Values Added |
---|---|---|
First Time |
Canonical
Debian debian Linux Canonical ubuntu Linux |
|
CPE | cpe:2.3:a:debian:lintian:1.23.4:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.3:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.12:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.4:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.28:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.23:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.19:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.13:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.18:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.3:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.24.1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.10:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.5:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.9:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.2:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.24.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.16:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.11:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.6:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.2:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.26:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.15:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.14:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.3.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.6:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.22:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.15:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.0-rc1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.11:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.13:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.12:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.17:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.5:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.4:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.0-rc2:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.5:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.7:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.27:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.9:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.10:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.6:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.8:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.18:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.24:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.25:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.20:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.24.2:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.16:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:2.2.8:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.14:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:1.23.1:*:*:*:*:*:*:* |
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:* |
References | (BID) http://www.securityfocus.com/bid/37975 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | (MLIST) http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html - Mailing List, Patch | |
References | (DEBIAN) http://www.debian.org/security/2010/dsa-1979 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/38379 - Broken Link, Vendor Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-891-1 - Third Party Advisory | |
References | (CONFIRM) http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog - Broken Link | |
References | () http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d - Broken Link | |
References | () http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/38375 - Broken Link, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
07 Nov 2023, 02:04
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2010-02-02 16:30
Updated : 2024-02-28 11:41
NVD link : CVE-2009-4013
Mitre link : CVE-2009-4013
CVE.ORG link : CVE-2009-4013
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
- lintian
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')