Executive Summary

Summary
Title devscripts vulnerability
Informations
Name USN-847-2 First vendor Publication 2009-10-09
Vendor Ubuntu Last vendor Modification 2009-10-09
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
devscripts 2.9.10-0ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS.

Original advisory details:

Raphael Geissert discovered that uscan, a part of devscripts, did not
properly sanitize its input when processing pathnames. If uscan processed a
crafted filename for a file on a remote server, an attacker could execute
arbitrary code with the privileges of the user invoking the program.

Original Source

Url : http://www.ubuntu.com/usn/USN-847-2

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2016-04-27 00:31:51
  • Multiple Updates
2014-02-17 12:06:19
  • Multiple Updates
2013-05-11 00:56:11
  • Multiple Updates