This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 2010-02-02
Product Lintian Last view 2019-11-07
Version 1.23.16 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:debian:lintian

Activity : Overall

Related : CVE

  Date Alert Description
6.3 2019-11-07 CVE-2013-1429

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

7.8 2017-05-08 CVE-2017-8829

Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.

7.5 2010-02-02 CVE-2009-4015

Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.

7.5 2010-02-02 CVE-2009-4014

Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.

7.5 2010-02-02 CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.

CWE : Common Weakness Enumeration

%idName
20% (1) CWE-502 Deserialization of Untrusted Data
20% (1) CWE-134 Uncontrolled Format String
20% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
20% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
20% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-23 File System Function Injection, Content Based
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76 Manipulating Input to File System Calls
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-139 Relative Path Traversal

Open Source Vulnerability Database (OSVDB)

id Description
62127 Lintian Filename Shell Metacharacter Arbitrary Command Execution
62126 Lintian Multiple Module Remote Format String
62125 Lintian Control Field / File Traversal Arbitrary File Overwrite

OpenVAS Exploits

id Description
2010-01-29 Name : Ubuntu Update for lintian vulnerabilities USN-891-1
File : nvt/gb_ubuntu_USN_891_1.nasl

Nessus® Vulnerability Scanner

id Description
2017-06-07 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3310-1.nasl - Type: ACT_GATHER_INFO
2010-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1979.nasl - Type: ACT_GATHER_INFO
2010-01-28 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-891-1.nasl - Type: ACT_GATHER_INFO