ID: CVE-2012-2241
Type: cve
Reporter: cve@mitre.org
Modified: 2017-08-29T01:31:00
Description
scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.
{"openvas": [{"lastseen": "2017-07-24T12:51:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3500", "CVE-2012-2240", "CVE-2012-2242", "CVE-2012-2241"], "description": "The remote host is missing an update to devscripts\nannounced via advisory DSA 2549-1.", "modified": "2017-07-07T00:00:00", "published": "2012-09-19T00:00:00", "id": "OPENVAS:72207", "href": "http://plugins.openvas.org/nasl.php?oid=72207", "type": "openvas", "title": "Debian Security Advisory DSA 2549-1 (devscripts)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2549_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2549-1 (devscripts)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in devscripts, a set of\nscripts to make the life of a Debian Package maintainer easier.\nThe following Common Vulnerabilities and Exposures project ids have\nbeen assigned to identify them:\n\nCVE-2012-2240:\n\nRaphael Geissert discovered that dscverify does not perform\nsufficient validation and does not properly escape arguments to\nexternal commands, allowing a remote attacker (as when dscverify is\nused by dget) to execute arbitrary code.\n\nCVE-2012-2241:\n\nRaphael Geissert discovered that dget allows an attacker to delete\narbitrary files when processing a specially-crafted .dsc or\n.changes file, due to insuficient input validation.\n\nCVE-2012-2242:\n\nRaphael Geissert discovered that dget does not properly escape\narguments to external commands when processing .dsc and .changes\nfiles, allowing an attacker to execute arbitrary code.\nThis issue is limited with the fix for CVE-2012-2241, and had\nalready been fixed in version 2.10.73 due to changes to the code,\nwithout considering its security implications.\n\nCVE-2012-3500:\n\nJim Meyering, Red Hat, discovered that annotate-output determines\nthe name of temporary named pipes in a way that allows a local\nattacker to make it abort, leading to denial of service.\n\n\nAdditionally, a regression in the exit code of debdiff introduced in\nDSA-2409-1 has been fixed.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 2.10.69+squeeze4.\n\nFor the testing distribution (wheezy), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems will be fixed in\nversion 2.12.3.\n\nWe recommend 
that you upgrade your devscripts packages.\";\ntag_summary = \"The remote host is missing an update to devscripts\nannounced via advisory DSA 2549-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202549-1\";\n\nif(description)\n{\n script_id(72207);\n script_cve_id(\"CVE-2012-2240\", \"CVE-2012-2241\", \"CVE-2012-2242\", \"CVE-2012-3500\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-19 03:27:42 -0400 (Wed, 19 Sep 2012)\");\n script_name(\"Debian Security Advisory DSA 2549-1 (devscripts)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.10.69+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:38", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3500", "CVE-2012-2240", "CVE-2012-2242", 
"CVE-2012-2241"], "description": "The remote host is missing an update to devscripts\nannounced via advisory DSA 2549-1.", "modified": "2019-03-18T00:00:00", "published": "2012-09-19T00:00:00", "id": "OPENVAS:136141256231072207", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072207", "type": "openvas", "title": "Debian Security Advisory DSA 2549-1 (devscripts)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2549_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2549-1 (devscripts)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72207\");\n script_cve_id(\"CVE-2012-2240\", \"CVE-2012-2241\", \"CVE-2012-2242\", \"CVE-2012-3500\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-09-19 03:27:42 -0400 (Wed, 19 Sep 2012)\");\n script_name(\"Debian Security Advisory DSA 2549-1 (devscripts)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202549-1\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in devscripts, a set of\nscripts to make the life of a Debian Package maintainer easier.\nThe following Common Vulnerabilities and Exposures project ids have\nbeen assigned to identify them:\n\nCVE-2012-2240:\n\nRaphael Geissert discovered that dscverify does not perform\nsufficient validation and does not properly escape arguments to\nexternal commands, allowing a remote attacker (as when dscverify is\nused by dget) to execute arbitrary code.\n\nCVE-2012-2241:\n\nRaphael Geissert discovered that dget allows an attacker to delete\narbitrary files when processing a specially-crafted .dsc 
or\n.changes file, due to insuficient input validation.\n\nCVE-2012-2242:\n\nRaphael Geissert discovered that dget does not properly escape\narguments to external commands when processing .dsc and .changes\nfiles, allowing an attacker to execute arbitrary code.\nThis issue is limited with the fix for CVE-2012-2241, and had\nalready been fixed in version 2.10.73 due to changes to the code,\nwithout considering its security implications.\n\nCVE-2012-3500:\n\nJim Meyering, Red Hat, discovered that annotate-output determines\nthe name of temporary named pipes in a way that allows a local\nattacker to make it abort, leading to denial of service.\n\n\nAdditionally, a regression in the exit code of debdiff introduced in\nDSA-2409-1 has been fixed.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 2.10.69+squeeze4.\n\nFor the testing distribution (wheezy), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems will be fixed in\nversion 2.12.3.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your devscripts packages.\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to devscripts\nannounced via advisory DSA 2549-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.10.69+squeeze4\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-12-04T11:20:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0212", "CVE-2012-3500", "CVE-2012-2240", "CVE-2012-2242", "CVE-2012-2241"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1593-1", 
"modified": "2017-12-01T00:00:00", "published": "2012-10-03T00:00:00", "id": "OPENVAS:841169", "href": "http://plugins.openvas.org/nasl.php?oid=841169", "type": "openvas", "title": "Ubuntu Update for devscripts USN-1593-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1593_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for devscripts USN-1593-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Raphael Geissert discovered that the debdiff.pl tool incorrectly handled\n shell metacharacters. If a user or automated system were tricked into\n processing a specially crafted filename, a remote attacher could possibly\n execute arbitrary code. (CVE-2012-0212)\n\n Raphael Geissert discovered that the dscverify tool incorrectly escaped\n arguments to external commands. If a user or automated system were tricked\n into processing specially crafted files, a remote attacher could possibly\n execute arbitrary code. 
(CVE-2012-2240)\n \n Raphael Geissert discovered that the dget tool incorrectly performed input\n validation. If a user or automated system were tricked into processing\n specially crafted files, a remote attacher could delete arbitrary files.\n (CVE-2012-2241)\n \n Raphael Geissert discovered that the dget tool incorrectly escaped\n arguments to external commands. If a user or automated system were tricked\n into processing specially crafted files, a remote attacher could possibly\n execute arbitrary code. This issue only affected Ubuntu 10.04 LTS and\n Ubuntu 11.04. (CVE-2012-2242)\n \n Jim Meyering discovered that the annotate-output tool incorrectly handled\n temporary files. A local attacker could use this flaw to alter files being\n processed by the annotate-output tool. On Ubuntu 11.04 and later, this\n issue was mitigated by the Yama kernel symlink restrictions.\n (CVE-2012-3500)\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1593-1\";\ntag_affected = \"devscripts on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1593-1/\");\n script_id(841169);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-03 09:24:12 +0530 (Wed, 03 Oct 2012)\");\n script_cve_id(\"CVE-2012-0212\", \"CVE-2012-2240\", \"CVE-2012-2241\", \"CVE-2012-2242\", \"CVE-2012-3500\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"1593-1\");\n script_name(\"Ubuntu Update for devscripts USN-1593-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu 
Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.10.61ubuntu5.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.11.6ubuntu1.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.11.1ubuntu3.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.10.69ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0212", "CVE-2012-3500", "CVE-2012-2240", "CVE-2012-2242", "CVE-2012-2241"], "description": "Ubuntu Update for Linux kernel 
vulnerabilities USN-1593-1", "modified": "2019-03-13T00:00:00", "published": "2012-10-03T00:00:00", "id": "OPENVAS:1361412562310841169", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841169", "type": "openvas", "title": "Ubuntu Update for devscripts USN-1593-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1593_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for devscripts USN-1593-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1593-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841169\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-03 09:24:12 +0530 (Wed, 03 Oct 2012)\");\n script_cve_id(\"CVE-2012-0212\", \"CVE-2012-2240\", \"CVE-2012-2241\", \"CVE-2012-2242\", \"CVE-2012-3500\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"USN\", value:\"1593-1\");\n script_name(\"Ubuntu Update for devscripts USN-1593-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1593-1\");\n script_tag(name:\"affected\", value:\"devscripts on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Raphael Geissert discovered that the debdiff.pl tool incorrectly handled\n shell metacharacters. 
If a user or automated system were tricked into\n processing a specially crafted filename, a remote attacher could possibly\n execute arbitrary code. (CVE-2012-0212)\n\n Raphael Geissert discovered that the dscverify tool incorrectly escaped\n arguments to external commands. If a user or automated system were tricked\n into processing specially crafted files, a remote attacher could possibly\n execute arbitrary code. (CVE-2012-2240)\n\n Raphael Geissert discovered that the dget tool incorrectly performed input\n validation. If a user or automated system were tricked into processing\n specially crafted files, a remote attacher could delete arbitrary files.\n (CVE-2012-2241)\n\n Raphael Geissert discovered that the dget tool incorrectly escaped\n arguments to external commands. If a user or automated system were tricked\n into processing specially crafted files, a remote attacher could possibly\n execute arbitrary code. This issue only affected Ubuntu 10.04 LTS and\n Ubuntu 11.04. (CVE-2012-2242)\n\n Jim Meyering discovered that the annotate-output tool incorrectly handled\n temporary files. A local attacker could use this flaw to alter files being\n processed by the annotate-output tool. 
On Ubuntu 11.04 and later, this\n issue was mitigated by the Yama kernel symlink restrictions.\n (CVE-2012-3500)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.10.61ubuntu5.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.11.6ubuntu1.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.11.1ubuntu3.2\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"devscripts\", ver:\"2.10.69ubuntu2.2\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T09:47:35", "description": "Multiple vulnerabilities have been discovered in devscripts, a set of\nscripts to make the life of a Debian Package maintainer easier. 
The\nfollowing Common Vulnerabilities and Exposures project ids have been\nassigned to identify them :\n\n - CVE-2012-2240 :\n Raphael Geissert discovered that dscverify does not\n perform sufficient validation and does not properly\n escape arguments to external commands, allowing a remote\n attacker (as when dscverify is used by dget) to execute\n arbitrary code.\n\n - CVE-2012-2241 :\n Raphael Geissert discovered that dget allows an attacker\n to delete arbitrary files when processing a specially\n crafted .dsc or .changes file, due to insuficient input\n validation.\n\n - CVE-2012-2242 :\n Raphael Geissert discovered that dget does not properly\n escape arguments to external commands when processing\n .dsc and .changes files, allowing an attacker to execute\n arbitrary code. This issue is limited with the fix for\n CVE-2012-2241, and had already been fixed in version\n 2.10.73 due to changes to the code, without considering\n its security implications.\n\n - CVE-2012-3500 :\n Jim Meyering, Red Hat, discovered that annotate-output\n determines the name of temporary named pipes in a way\n that allows a local attacker to make it abort, leading\n to denial of service.\n\nAdditionally, a regression in the exit code of debdiff introduced in\nDSA-2409-1 has been fixed.", "edition": 16, "published": "2012-09-17T00:00:00", "title": "Debian DSA-2549-1 : devscripts - multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-3500", "CVE-2012-2240", "CVE-2012-2242", "CVE-2012-2241"], "modified": "2012-09-17T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:devscripts"], "id": "DEBIAN_DSA-2549.NASL", "href": "https://www.tenable.com/plugins/nessus/62113", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2549. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62113);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2240\", \"CVE-2012-2241\", \"CVE-2012-2242\", \"CVE-2012-3500\");\n script_bugtraq_id(55358);\n script_xref(name:\"DSA\", value:\"2549\");\n\n script_name(english:\"Debian DSA-2549-1 : devscripts - multiple vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities have been discovered in devscripts, a set of\nscripts to make the life of a Debian Package maintainer easier. The\nfollowing Common Vulnerabilities and Exposures project ids have been\nassigned to identify them :\n\n - CVE-2012-2240 :\n Raphael Geissert discovered that dscverify does not\n perform sufficient validation and does not properly\n escape arguments to external commands, allowing a remote\n attacker (as when dscverify is used by dget) to execute\n arbitrary code.\n\n - CVE-2012-2241 :\n Raphael Geissert discovered that dget allows an attacker\n to delete arbitrary files when processing a specially\n crafted .dsc or .changes file, due to insuficient input\n validation.\n\n - CVE-2012-2242 :\n Raphael Geissert discovered that dget does not properly\n escape arguments to external commands when processing\n .dsc and .changes files, allowing an attacker to execute\n arbitrary code. 
This issue is limited with the fix for\n CVE-2012-2241, and had already been fixed in version\n 2.10.73 due to changes to the code, without considering\n its security implications.\n\n - CVE-2012-3500 :\n Jim Meyering, Red Hat, discovered that annotate-output\n determines the name of temporary named pipes in a way\n that allows a local attacker to make it abort, leading\n to denial of service.\n\nAdditionally, a regression in the exit code of debdiff introduced in\nDSA-2409-1 has been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-2241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-3500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/devscripts\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2549\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the devscripts packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 2.10.69+squeeze4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:devscripts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"devscripts\", reference:\"2.10.69+squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T07:15:54", "description": "Raphael Geissert discovered that the debdiff.pl tool incorrectly\nhandled shell metacharacters. If a user or automated system were\ntricked into processing a specially crafted filename, a remote\nattacker could possibly execute arbitrary code. (CVE-2012-0212)\n\nRaphael Geissert discovered that the dscverify tool incorrectly\nescaped arguments to external commands. If a user or automated system\nwere tricked into processing specially crafted files, a remote\nattacker could possibly execute arbitrary code. 
(CVE-2012-2240)\n\nRaphael Geissert discovered that the dget tool incorrectly performed\ninput validation. If a user or automated system were tricked into\nprocessing specially crafted files, a remote attacker could delete\narbitrary files. (CVE-2012-2241)\n\nRaphael Geissert discovered that the dget tool incorrectly escaped\narguments to external commands. If a user or automated system were\ntricked into processing specially crafted files, a remote attacker\ncould possibly execute arbitrary code. This issue only affected Ubuntu\n10.04 LTS and Ubuntu 11.04. (CVE-2012-2242)\n\nJim Meyering discovered that the annotate-output tool incorrectly\nhandled temporary files. A local attacker could use this flaw to alter\nfiles being processed by the annotate-output tool. On Ubuntu 11.04 and\nlater, this issue was mitigated by the Yama kernel symlink\nrestrictions. (CVE-2012-3500).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2012-10-03T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : devscripts vulnerabilities (USN-1593-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0212", "CVE-2012-3500", "CVE-2012-2240", "CVE-2012-2242", "CVE-2012-2241"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "p-cpe:/a:canonical:ubuntu_linux:devscripts", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1593-1.NASL", "href": "https://www.tenable.com/plugins/nessus/62411", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1593-1. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(62411);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-0212\", \"CVE-2012-2240\", \"CVE-2012-2241\", \"CVE-2012-2242\", \"CVE-2012-3500\");\n script_bugtraq_id(52029, 55358, 55564);\n script_xref(name:\"USN\", value:\"1593-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : devscripts vulnerabilities (USN-1593-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Raphael Geissert discovered that the debdiff.pl tool incorrectly\nhandled shell metacharacters. If a user or automated system were\ntricked into processing a specially crafted filename, a remote\nattacker could possibly execute arbitrary code. (CVE-2012-0212)\n\nRaphael Geissert discovered that the dscverify tool incorrectly\nescaped arguments to external commands. If a user or automated system\nwere tricked into processing specially crafted files, a remote\nattacker could possibly execute arbitrary code. (CVE-2012-2240)\n\nRaphael Geissert discovered that the dget tool incorrectly performed\ninput validation. If a user or automated system were tricked into\nprocessing specially crafted files, a remote attacker could delete\narbitrary files. (CVE-2012-2241)\n\nRaphael Geissert discovered that the dget tool incorrectly escaped\narguments to external commands. If a user or automated system were\ntricked into processing specially crafted files, a remote attacker\ncould possibly execute arbitrary code. This issue only affected Ubuntu\n10.04 LTS and Ubuntu 11.04. 
(CVE-2012-2242)\n\nJim Meyering discovered that the annotate-output tool incorrectly\nhandled temporary files. A local attacker could use this flaw to alter\nfiles being processed by the annotate-output tool. On Ubuntu 11.04 and\nlater, this issue was mitigated by the Yama kernel symlink\nrestrictions. (CVE-2012-3500).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1593-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected devscripts package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:devscripts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"devscripts\", pkgver:\"2.10.61ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"devscripts\", pkgver:\"2.10.69ubuntu2.2\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"devscripts\", pkgver:\"2.11.1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"devscripts\", pkgver:\"2.11.6ubuntu1.4\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"devscripts\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2019-05-30T02:23:01", 
"bulletinFamily": "unix", "cvelist": ["CVE-2012-3500", "CVE-2012-2240", "CVE-2012-2242", "CVE-2012-2241"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2549-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nSeptember 15, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : devscripts\nVulnerability : multiple\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2012-2240 CVE-2012-2241 CVE-2012-2242 CVE-2012-3500\n\nMultiple vulnerabilities have been discovered in devscripts, a set of\nscripts to make the life of a Debian Package maintainer easier.\nThe following Common Vulnerabilities and Exposures project ids have\nbeen assigned to identify them:\n\nCVE-2012-2240:\n\n Raphael Geissert discovered that dscverify does not perform\n sufficient validation and does not properly escape arguments to\n external commands, allowing a remote attacker (as when dscverify is\n used by dget) to execute arbitrary code.\n\nCVE-2012-2241:\n\n Raphael Geissert discovered that dget allows an attacker to delete\n arbitrary files when processing a specially-crafted .dsc or\n .changes file, due to insuficient input validation.\n\nCVE-2012-2242:\n\n Raphael Geissert discovered that dget does not properly escape\n arguments to external commands when processing .dsc and .changes\n files, allowing an attacker to execute arbitrary code.\n This issue is limited with the fix for CVE-2012-2241, and had\n already been fixed in version 2.10.73 due to changes to the code,\n without considering its security implications.\n\nCVE-2012-3500:\n\n Jim Meyering, Red Hat, discovered that annotate-output determines\n the name of temporary named pipes in a way that allows a local\n attacker to make it abort, leading to denial of service.\n\n\nAdditionally, a regression in the exit code of debdiff introduced in\nDSA-2409-1 
has been fixed.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 2.10.69+squeeze4.\n\nFor the testing distribution (wheezy), these problems will be fixed\nsoon.\n\nFor the unstable distribution (sid), these problems will be fixed in\nversion 2.12.3.\n\nWe recommend that you upgrade your devscripts packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2012-09-15T18:09:43", "published": "2012-09-15T18:09:43", "id": "DEBIAN:DSA-2549-1:4476E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00192.html", "title": "[SECURITY] [DSA 2549-1] devscripts security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:05", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0212", "CVE-2012-3500", "CVE-2012-2240", "CVE-2012-2242", "CVE-2012-2241"], "description": "Raphael Geissert discovered that the debdiff.pl tool incorrectly handled \nshell metacharacters. If a user or automated system were tricked into \nprocessing a specially crafted filename, a remote attacker could possibly \nexecute arbitrary code. (CVE-2012-0212)\n\nRaphael Geissert discovered that the dscverify tool incorrectly escaped \narguments to external commands. If a user or automated system were tricked \ninto processing specially crafted files, a remote attacker could possibly \nexecute arbitrary code. (CVE-2012-2240)\n\nRaphael Geissert discovered that the dget tool incorrectly performed input \nvalidation. If a user or automated system were tricked into processing \nspecially crafted files, a remote attacker could delete arbitrary files. 
\n(CVE-2012-2241)\n\nRaphael Geissert discovered that the dget tool incorrectly escaped \narguments to external commands. If a user or automated system were tricked \ninto processing specially crafted files, a remote attacker could possibly \nexecute arbitrary code. This issue only affected Ubuntu 10.04 LTS and \nUbuntu 11.04. (CVE-2012-2242)\n\nJim Meyering discovered that the annotate-output tool incorrectly handled \ntemporary files. A local attacker could use this flaw to alter files being \nprocessed by the annotate-output tool. On Ubuntu 11.04 and later, this \nissue was mitigated by the Yama kernel symlink restrictions. \n(CVE-2012-3500)", "edition": 5, "modified": "2012-10-02T00:00:00", "published": "2012-10-02T00:00:00", "id": "USN-1593-1", "href": "https://ubuntu.com/security/notices/USN-1593-1", "title": "devscripts vulnerabilities", "type": "ubuntu", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}