Vulnerability CVE-2009-4013


Published: 2010-02-02   Modified: 2012-02-13

Description:
Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.

Type:

CWE-22

(Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Debian -> Lintian 

 References:
http://www.securityfocus.com/bid/37975
http://www.ubuntu.com/usn/USN-891-1
http://www.debian.org/security/2010/dsa-1979
http://secunia.com/advisories/38379
http://secunia.com/advisories/38375
http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog
http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d
http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00

Copyright 2021, cxsecurity.com

 

Back to Top