Executive Summary
Summary | |
---|---|
Title | lintian vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-891-1 | First vendor Publication | 2010-01-28 |
Vendor | Ubuntu | Last vendor Modification | 2010-01-28 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 8.10: Ubuntu 9.04: Ubuntu 9.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that lintian did not correctly validate certain filenames when processing input. If a user or an automated system were tricked into running lintian on a specially crafted set of files, a remote attacker could execute arbitrary code with user privileges. |
Original Source
Url : http://www.ubuntu.com/usn/USN-891-1 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-23 | File System Function Injection, Content Based |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-76 | Manipulating Input to File System Calls |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-139 | Relative Path Traversal |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
33 % | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25) |
33 % | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12572 | |||
Oval ID: | oval:org.mitre.oval:def:12572 | ||
Title: | USN-891-1 -- lintian vulnerabilities | ||
Description: | It was discovered that lintian did not correctly validate certain filenames when processing input. If a user or an automated system were tricked into running lintian on a specially crafted set of files, a remote attacker could execute arbitrary code with user privileges. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-891-1 CVE-2009-4013 CVE-2009-4014 CVE-2009-4015 | Version: | 7 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | lintian |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13615 | |||
Oval ID: | oval:org.mitre.oval:def:13615 | ||
Title: | DSA-1979-1 lintian -- multiple | ||
Description: | Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems" control files were not sanitised before using them in certain operations that could lead to directory traversals. An attacker could exploit these vulnerabilities to overwrite arbitrary files or disclose system information. CVE-2009-4014: format string vulnerabilities Multiple check scripts and the Lintian::Schedule module were using user-provided input as part of the sprintf/printf format string. CVE-2009-4015: arbitrary command execution File names were not properly escaped when passing them as arguments to certain commands, allowing the execution of other commands as pipes or as a set of shell commands. For the oldstable distribution, these problems have been fixed in version 1.23.28+etch1. For the stable distribution, these problems have been fixed in version 1.24.2.1+lenny1. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 2.3.2 We recommend that you upgrade your lintian packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1979-1 CVE-2009-4013 CVE-2009-4014 CVE-2009-4015 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | lintian |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7013 | |||
Oval ID: | oval:org.mitre.oval:def:7013 | ||
Title: | DSA-1979 lintian -- multiple vulnerabilities | ||
Description: | Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: Control field names and values were not sanitised before using them in certain operations that could lead to directory traversals. Patch systems" control files were not sanitised before using them in certain operations that could lead to directory traversals. An attacker could exploit these vulnerabilities to overwrite arbitrary files or disclose system information. Multiple check scripts and the Lintian::Schedule module were using user-provided input as part of the sprintf/printf format string. File names were not properly escaped when passing them as arguments to certain commands, allowing the execution of other commands as pipes or as a set of shell commands. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1979 CVE-2009-4013 CVE-2009-4014 CVE-2009-4015 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | lintian |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-01-29 | Name : Ubuntu Update for lintian vulnerabilities USN-891-1 File : nvt/gb_ubuntu_USN_891_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62127 | Lintian Filename Shell Metacharacter Arbitrary Command Execution |
62126 | Lintian Multiple Module Remote Format String |
62125 | Lintian Control Field / File Traversal Arbitrary File Overwrite |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1979.nasl - Type : ACT_GATHER_INFO |
2010-01-28 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-891-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:06:33 |
|