Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title lintian vulnerabilities
Informations
Name USN-891-1 First vendor Publication 2010-01-28
Vendor Ubuntu Last vendor Modification 2010-01-28
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
lintian 1.23.16ubuntu2.1

Ubuntu 8.04 LTS:
lintian 1.23.46ubuntu0.1

Ubuntu 8.10:
lintian 1.24.3ubuntu0.1

Ubuntu 9.04:
lintian 2.2.5ubuntu1.1

Ubuntu 9.10:
lintian 2.2.17ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that lintian did not correctly validate certain filenames when processing input. If a user or an automated system were tricked into running lintian on a specially crafted set of files, a remote attacker could execute arbitrary code with user privileges.

Original Source

Url : http://www.ubuntu.com/usn/USN-891-1

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-23 File System Function Injection, Content Based
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76 Manipulating Input to File System Calls
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-139 Relative Path Traversal

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-134 Uncontrolled Format String (CWE/SANS Top 25)
33 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
33 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12572
 
Oval ID: oval:org.mitre.oval:def:12572
Title: USN-891-1 -- lintian vulnerabilities
Description: It was discovered that lintian did not correctly validate certain filenames when processing input. If a user or an automated system were tricked into running lintian on a specially crafted set of files, a remote attacker could execute arbitrary code with user privileges.
Family: unix Class: patch
Reference(s): USN-891-1
CVE-2009-4013
CVE-2009-4014
CVE-2009-4015
Version: 7
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): lintian
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13615
 
Oval ID: oval:org.mitre.oval:def:13615
Title: DSA-1979-1 lintian -- multiple
Description: Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems" control files were not sanitised before using them in certain operations that could lead to directory traversals. An attacker could exploit these vulnerabilities to overwrite arbitrary files or disclose system information. CVE-2009-4014: format string vulnerabilities Multiple check scripts and the Lintian::Schedule module were using user-provided input as part of the sprintf/printf format string. CVE-2009-4015: arbitrary command execution File names were not properly escaped when passing them as arguments to certain commands, allowing the execution of other commands as pipes or as a set of shell commands. For the oldstable distribution, these problems have been fixed in version 1.23.28+etch1. For the stable distribution, these problems have been fixed in version 1.24.2.1+lenny1. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.3.2 We recommend that you upgrade your lintian packages.
Family: unix Class: patch
Reference(s): DSA-1979-1
CVE-2009-4013
CVE-2009-4014
CVE-2009-4015
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): lintian
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7013
 
Oval ID: oval:org.mitre.oval:def:7013
Title: DSA-1979 lintian -- multiple vulnerabilities
Description: Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems" control files were not sanitised before using them in certain operations that could lead to directory traversals. An attacker could exploit these vulnerabilities to overwrite arbitrary files or disclose system information. Multiple check scripts and the Lintian::Schedule module were using user-provided input as part of the sprintf/printf format string. File names were not properly escaped when passing them as arguments to certain commands, allowing the execution of other commands as pipes or as a set of shell commands.
Family: unix Class: patch
Reference(s): DSA-1979
CVE-2009-4013
CVE-2009-4014
CVE-2009-4015
Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): lintian
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 63
Os 5
Os 2

OpenVAS Exploits

Date Description
2010-01-29 Name : Ubuntu Update for lintian vulnerabilities USN-891-1
File : nvt/gb_ubuntu_USN_891_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62127 Lintian Filename Shell Metacharacter Arbitrary Command Execution

62126 Lintian Multiple Module Remote Format String

62125 Lintian Control Field / File Traversal Arbitrary File Overwrite

Nessus® Vulnerability Scanner

Date Description
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1979.nasl - Type : ACT_GATHER_INFO
2010-01-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-891-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:06:33
  • Multiple Updates