CVE-2009-4013

Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
debianlintian
1.23.0 ≤
𝑥
≤ 1.23.28
debianlintian
1.24.0 ≤
𝑥
≤ 1.24.2.1
debianlintian
2.0.0 ≤
𝑥
< 2.3.2
debiandebian_linux
4.0
debiandebian_linux
5.0
canonicalubuntu_linux
6.06
canonicalubuntu_linux
8.04
canonicalubuntu_linux
8.10
canonicalubuntu_linux
9.04
canonicalubuntu_linux
9.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
lintian
bullseye
2.104.0
fixed
bookworm
2.116.3
fixed
trixie
2.119.0
fixed
sid
2.120.0
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
lintian
karmic
Fixed 2.2.17ubuntu1.1
released
jaunty
Fixed 2.2.5ubuntu1.1
released
intrepid
Fixed 1.24.3ubuntu0.1
released
hardy
Fixed 1.23.46ubuntu0.1
released
dapper
Fixed 1.23.16ubuntu2.1
released
Common Weakness Enumeration
References
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog
http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html
http://secunia.com/advisories/38375
http://secunia.com/advisories/38379
http://www.debian.org/security/2010/dsa-1979
http://www.securityfocus.com/bid/37975
http://www.ubuntu.com/usn/USN-891-1
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog
http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html
http://secunia.com/advisories/38375
http://secunia.com/advisories/38379
http://www.debian.org/security/2010/dsa-1979
http://www.securityfocus.com/bid/37975
http://www.ubuntu.com/usn/USN-891-1