Executive Summary
| Summary | |
|---|---|
| Title | New common-lisp-controller packages fix arbitrary code injection |
| Informations | |||
|---|---|---|---|
| Name | DSA-811 | First vendor Publication | 2005-09-14 |
| Vendor | Debian | Last vendor Modification | 2005-11-21 |
| Severity (Vendor) | N/A | Revision | 2 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.6 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The bugfix for the problem mentioned below contained an error that caused third party programs to fail. The problem is corrected by this update. For completeness we're including the original advisory text: François-René Rideau discovered a bug in common-lisp-controller, a Common Lisp source and compiler manager, that allows a local user to compile malicious code into a cache directory which is executed by another user if that user has not used Common Lisp before. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 4.15sarge3. For the unstable distribution (sid) this problem has been fixed in version 4.18. We recommend that you upgrade your common-lisp-controller package. |
Original Source
| Url : http://www.debian.org/security/2005/dsa-811 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 811-1 (common-lisp-controller) File : nvt/deb_811_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 811-2 (common-lisp-controller) File : nvt/deb_811_2.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 19385 | common-lisp-controller Cache Directory Owership Weakness Privilege Escalation Common-lisp-controller allows a local attacker to insert malicious code into the cache directory. Due to a failure to check ownership of the cache directory, this code may be automatically executed by other users when they use common lisp for the first time. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2005-09-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-811.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:34:21 |
|
