Executive Summary

Informations
Name CVE-2012-0212 First vendor Publication 2012-06-15
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0212

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14780
 
Oval ID: oval:org.mitre.oval:def:14780
Title: DSA-2409-1 devscripts -- several
Description: Several vulnerabilities have been discovered in debdiff, a script used to compare two Debian packages, which is part of the devscripts package. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: CVE-2012-0210: Paul Wise discovered that due to insufficient input sanitising when processing .dsc and .changes files, it is possible to execute arbitrary code and disclose system information. CVE-2012-0211: Raphael Geissert discovered that it is possible to inject or modify arguments of external commands when processing source packages with specially-named tarballs in the top-level directory of the .orig tarball, allowing arbitrary code execution. CVE-2012-0212: Raphael Geissert discovered that it is possible to inject or modify arguments of external commands when passing as argument to debdiff a specially-named file, allowing arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2409-1
CVE-2012-0210
CVE-2012-0211
CVE-2012-0212
 Version: 7
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): devscripts
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15127
 
Oval ID: oval:org.mitre.oval:def:15127
Title: USN-1366-1 -- devscripts vulnerabilities
Description: devscripts: scripts to make the life of a Debian Package maintainer easier debdiff, a part of devscripts, could be made to run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1366-1
CVE-2012-0210
CVE-2012-0211
CVE-2012-0212
 Version: 7
Platform(s): Ubuntu 11.04
Ubuntu 11.10
Ubuntu 8.04
Ubuntu 10.04
Ubuntu 10.10
 Product(s): devscripts
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 70

OpenVAS Exploits

Date Description
2012-10-03 Name : Ubuntu Update for devscripts USN-1593-1
File : nvt/gb_ubuntu_USN_1593_1.nasl
2012-09-19 Name : Debian Security Advisory DSA 2549-1 (devscripts)
File : nvt/deb_2549_1.nasl
2012-03-12 Name : Debian Security Advisory DSA 2409-1 (devscripts)
File : nvt/deb_2409_1.nasl
2012-02-21 Name : Ubuntu Update for devscripts USN-1366-1
File : nvt/gb_ubuntu_USN_1366_1.nasl

Nessus® Vulnerability Scanner

Date Description
2012-10-03 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1593-1.nasl - Type : ACT_GATHER_INFO
2012-09-17 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2549.nasl - Type : ACT_GATHER_INFO
2012-02-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2409.nasl - Type : ACT_GATHER_INFO
2012-02-16 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1366-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%...
http://secunia.com/advisories/47955
http://secunia.com/advisories/48039
http://ubuntu.com/usn/usn-1366-1
http://www.debian.org/security/2012/dsa-2409
http://www.osvdb.org/79322
http://www.securityfocus.com/bid/52029
http://www.ubuntu.com/usn/USN-1593-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/73217
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2024-11-28 23:01:33
  • Multiple Updates
2024-11-28 12:28:26
  • Multiple Updates
2023-11-07 21:47:00
  • Multiple Updates
2021-05-04 12:18:59
  • Multiple Updates
2021-04-22 01:22:42
  • Multiple Updates
2020-05-23 00:32:37
  • Multiple Updates
2017-08-29 09:23:40
  • Multiple Updates
2016-06-28 18:58:40
  • Multiple Updates
2016-04-26 21:24:33
  • Multiple Updates
2014-02-17 11:07:13
  • Multiple Updates
2013-05-10 22:31:53
  • Multiple Updates