Lucene search
Copyright (C) 2008 E-Soft Inc.OPENVAS:136141256231060208HistoryJan 31, 2008 - 12:00 a.m.
Debian Security Advisory DSA 1465-1 (apt-listchanges)
2008-01-3100:00:00
Copyright (C) 2008 E-Soft Inc.
plugins.openvas.org
1
The remote host is missing an update to apt-listchanges announced via advisory DSA 1465-1.
This VT has been merged into the VT
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.60208");
script_version("2023-06-29T08:15:14+0000");
script_tag(name:"last_modification", value:"2023-06-29 08:15:14 +0000 (Thu, 29 Jun 2023)");
script_tag(name:"creation_date", value:"2008-01-31 16:11:48 +0100 (Thu, 31 Jan 2008)");
script_cve_id("CVE-2008-0302");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_name("Debian Security Advisory DSA 1465-1 (apt-listchanges)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201465-1");
script_tag(name:"insight", value:"Felipe Sateler discovered that apt-listchanges, a package change history
notification tool, used unsafe paths when importing its python libraries.
This could allow the execution of arbitrary shell commands if the root user
executed the command in a directory which other local users may write
to.
For the stable distribution (etch), this problem has been fixed in version
2.72.5etch1.
For the old stable distribution (sarge), this problem was not present.
For the unstable distribution (sid), this problem has been fixed in version
2.82.");
script_tag(name:"solution", value:"We recommend that you upgrade your apt-listchanges package.");
script_tag(name:"summary", value:"The remote host is missing an update to apt-listchanges announced via advisory DSA 1465-1.
This VT has been merged into the VT 'Debian: Security Advisory (DSA-1465)' (OID: 1.3.6.1.4.1.25623.1.0.60209).");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"deprecated", value:TRUE);
exit(0);
}
exit(66);Related
openvas
openvas
Debian Security Advisory DSA 1465-1 (apt-listchanges)
2008-01-31 00:00:00
Ubuntu: Security Advisory (USN-572-1)
2009-03-23 00:00:00
Ubuntu Update for apt-listchanges vulnerability USN-572-1
2009-03-23 00:00:00
debiancve
debiancve
CVE-2008-0302
2008-01-17 02:00:00
prion
prion
Design/Logic Flaw
2008-01-17 02:00:00
securityvulns
securityvulns
apt-listchanges privilege escalation
2008-01-17 00:00:00
debian
debian
cve
cve
CVE-2008-0302
2008-01-17 02:00:00
nessus
nessus
Ubuntu 7.04 / 7.10 : apt-listchanges vulnerability (USN-572-1)
2008-01-21 00:00:00
Debian DSA-1465-2 : apt-listchanges - programming error
2008-01-18 00:00:00
osv
osv
apt-listchanges - arbitrary code execution
2008-01-17 00:00:00
ubuntu
ubuntu
apt-listchanges vulnerability
2008-01-18 00:00:00
ubuntucve
ubuntucve
CVE-2008-0302
2008-01-17 00:00:00
cvelist
cvelist
CVE-2008-0302
2008-01-17 01:00:00
6.6 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.2%
Related for OPENVAS:136141256231060208