CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00	Broken Link
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d	Broken Link
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog	Broken Link
http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html	Mailing List Patch
http://secunia.com/advisories/38375	Broken Link Vendor Advisory
http://secunia.com/advisories/38379	Broken Link Vendor Advisory
http://www.debian.org/security/2010/dsa-1979	Third Party Advisory
http://www.securityfocus.com/bid/37975	Broken Link Patch Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-891-1	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:debian:lintian::::::::
	cpe:2.3:a:debian:lintian::::::::
	cpe:2.3:a:debian:lintian::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:4.0:::::::*
	cpe:2.3:o:debian:debian_linux:5.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*

History

26 Jan 2024, 17:44

Type	Values Removed	Values Added
First Time		Canonical ubuntu Linux Canonical Debian debian Linux
CPE	cpe:2.3:a:debian:lintian:2.2.0:::::::* cpe:2.3:a:debian:lintian:1.23.14:::::::* cpe:2.3:a:debian:lintian:2.2.4:::::::* cpe:2.3:a:debian:lintian:1.23.20:::::::* cpe:2.3:a:debian:lintian:1.23.24:::::::* cpe:2.3:a:debian:lintian:2.2.6:::::::* cpe:2.3:a:debian:lintian:2.2.7:::::::* cpe:2.3:a:debian:lintian:2.1.0:::::::* cpe:2.3:a:debian:lintian:1.23.27:::::::* cpe:2.3:a:debian:lintian:2.1.2:::::::* cpe:2.3:a:debian:lintian:2.2.13:::::::* cpe:2.3:a:debian:lintian:2.2.1:::::::* cpe:2.3:a:debian:lintian:1.23.23:::::::* cpe:2.3:a:debian:lintian:1.24.0:::::::* cpe:2.3:a:debian:lintian:2.0-rc2:::::::* cpe:2.3:a:debian:lintian:2.0-rc1:::::::* cpe:2.3:a:debian:lintian:1.23.17:::::::* cpe:2.3:a:debian:lintian:1.23.13:::::::* cpe:2.3:a:debian:lintian:1.24.2:::::::* cpe:2.3:a:debian:lintian:2.2.5:::::::* cpe:2.3:a:debian:lintian:1.23.12:::::::* cpe:2.3:a:debian:lintian:2.2.16:::::::* cpe:2.3:a:debian:lintian:1.23.0:::::::* cpe:2.3:a:debian:lintian:2.1.6:::::::* cpe:2.3:a:debian:lintian:2.2.14:::::::* cpe:2.3:a:debian:lintian:1.23.4:::::::* cpe:2.3:a:debian:lintian:2.3.0:::::::* cpe:2.3:a:debian:lintian:1.23.16:::::::* cpe:2.3:a:debian:lintian:1.23.1:::::::* cpe:2.3:a:debian:lintian:2.1.4:::::::* cpe:2.3:a:debian:lintian:2.2.8:::::::* cpe:2.3:a:debian:lintian:2.1.5:::::::* cpe:2.3:a:debian:lintian:1.24.1:::::::* cpe:2.3:a:debian:lintian:1.23.5:::::::* cpe:2.3:a:debian:lintian:1.23.18:::::::* cpe:2.3:a:debian:lintian:1.23.28:::::::* cpe:2.3:a:debian:lintian:1.23.26:::::::* cpe:2.3:a:debian:lintian:1.23.3:::::::* cpe:2.3:a:debian:lintian:1.23.15:::::::* cpe:2.3:a:debian:lintian:1.23.19:::::::* cpe:2.3:a:debian:lintian:2.2.2:::::::* cpe:2.3:a:debian:lintian:2.2.12:::::::* cpe:2.3:a:debian:lintian:2.2.18:::::::* cpe:2.3:a:debian:lintian:2.3.1:::::::* cpe:2.3:a:debian:lintian:1.23.10:::::::* cpe:2.3:a:debian:lintian:2.2.15:::::::* cpe:2.3:a:debian:lintian:1.23.7:::::::* cpe:2.3:a:debian:lintian:1.23.8:::::::* cpe:2.3:a:debian:lintian:2.2.11:::::::* cpe:2.3:a:debian:lintian:2.1.1:::::::* cpe:2.3:a:debian:lintian:1.23.9:::::::* cpe:2.3:a:debian:lintian:2.2.3:::::::* cpe:2.3:a:debian:lintian:2.1.3:::::::* cpe:2.3:a:debian:lintian:2.2.9:::::::* cpe:2.3:a:debian:lintian:1.23.2:::::::* cpe:2.3:a:debian:lintian:1.23.11:::::::* cpe:2.3:a:debian:lintian:1.23.6:::::::* cpe:2.3:a:debian:lintian:2.2.10:::::::* cpe:2.3:a:debian:lintian:1.23.22:::::::* cpe:2.3:a:debian:lintian:1.23.25:::::::*	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::* cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::* cpe:2.3:a:debian:lintian:::::::: cpe:2.3:o:debian:debian_linux:5.0:::::::* cpe:2.3:o:debian:debian_linux:4.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::* cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
References	~~() http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 -~~	() http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00 - Broken Link
References	~~() http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d -~~	() http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d - Broken Link
References	~~() http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog -~~	() http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog - Broken Link
References	~~() http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html -~~	() http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html - Mailing List, Patch
References	~~() http://secunia.com/advisories/38375 - Vendor Advisory~~	() http://secunia.com/advisories/38375 - Broken Link, Vendor Advisory
References	~~() http://secunia.com/advisories/38379 - Vendor Advisory~~	() http://secunia.com/advisories/38379 - Broken Link, Vendor Advisory
References	~~() http://www.debian.org/security/2010/dsa-1979 -~~	() http://www.debian.org/security/2010/dsa-1979 - Third Party Advisory
References	~~() http://www.securityfocus.com/bid/37975 - Patch~~	() http://www.securityfocus.com/bid/37975 - Broken Link, Patch, Third Party Advisory, VDB Entry
References	~~() http://www.ubuntu.com/usn/USN-891-1 -~~	() http://www.ubuntu.com/usn/USN-891-1 - Third Party Advisory
CVSS	v2 : ~~7.5~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8

Information

Published : 2010-02-02 16:30

Updated : 2024-01-26 17:44

NVD link : CVE-2009-4013

Mitre link : CVE-2009-4013

CVE.ORG link : CVE-2009-4013

JSON object : View

Products Affected

debian

lintian
debian_linux

canonical

ubuntu_linux

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

9.8 /10