This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Debian First view 2004-01-10
Product Lintian Last view 2019-11-07
Version Type Application
Update  
Edition  
Language  
Software Edition
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:debian:lintian:1.24.0:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.3:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.16:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.18:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.3.0:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.3.1:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.3:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.5:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.10:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.12:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.14:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.19:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.22:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.2:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.24.2:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.1.2:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.1.4:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.1.6:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.4:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.6:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.13:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.15:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.2:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.4:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.11:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.13:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.10:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.0:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.1:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.15:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.16:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.17:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.18:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.0-rc1:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.0-rc2:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.1.0:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.1.1:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.8:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.9:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.11:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.6:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.7:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.8:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.9:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.24:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.25:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.26:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:1.23.27:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.0:*:*:*:*:*:*:* 5
cpe:2.3:a:debian:lintian:2.2.1:*:*:*:*:*:*:* 5

Related : CVE

  Date Alert Description
6.3 2019-11-07 CVE-2013-1429

Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.

7.8 2017-05-08 CVE-2017-8829

Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file.

7.5 2010-02-02 CVE-2009-4015

Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.

7.5 2010-02-02 CVE-2009-4014

Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.

7.5 2010-02-02 CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.

2.1 2004-01-10 CVE-2004-1000

lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.

CWE : Common Weakness Enumeration

% id Name
20% (1) CWE-502 Deserialization of Untrusted Data
20% (1) CWE-134 Uncontrolled Format String
20% (1) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
20% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')
20% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-23 File System Function Injection, Content Based
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76 Manipulating Input to File System Calls
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-139 Relative Path Traversal

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:7013 DSA-1979 lintian -- multiple vulnerabilities
oval:org.mitre.oval:def:13615 DSA-1979-1 lintian -- multiple
oval:org.mitre.oval:def:12572 USN-891-1 -- lintian vulnerabilities

Open Source Vulnerability Database (OSVDB)

id Description
62127 Lintian Filename Shell Metacharacter Arbitrary Command Execution
62126 Lintian Multiple Module Remote Format String
62125 Lintian Control Field / File Traversal Arbitrary File Overwrite
12786 Debian lintian Symlink Arbitrary File Delete

OpenVAS Exploits

id Description
2010-01-29 Name : Ubuntu Update for lintian vulnerabilities USN-891-1
File : nvt/gb_ubuntu_USN_891_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 630-1 (lintian)
File : nvt/deb_630_1.nasl

Nessus® Vulnerability Scanner

id Description
2017-06-07 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3310-1.nasl - Type: ACT_GATHER_INFO
2010-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1979.nasl - Type: ACT_GATHER_INFO
2010-01-28 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-891-1.nasl - Type: ACT_GATHER_INFO
2005-01-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-630.nasl - Type: ACT_GATHER_INFO