Lucene search

UbuntuUSN-847-2

HistoryOct 09, 2009 - 12:00 a.m.

devscripts vulnerability

2009-10-0900:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.008

Percentile

81.4%

JSON

Releases

Ubuntu 6.06

Packages

devscripts -

Details

USN-847-1 fixed vulnerabilities in devscripts. This update provides the
corresponding updates for Ubuntu 6.06 LTS.

Original advisory details:

Raphael Geissert discovered that uscan, a part of devscripts, did not
properly sanitize its input when processing pathnames. If uscan processed a
crafted filename for a file on a remote server, an attacker could execute
arbitrary code with the privileges of the user invoking the program.

OSVersionArchitecturePackageVersionFilename
Ubuntu6.06noarchdevscripts< 2.9.10-0ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	6.06	noarch	devscripts	< 2.9.10-0ubuntu0.1	UNKNOWN

References

ubuntu.com/security/CVE-2009-2946

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.008

Percentile

81.4%

JSON

Related for USN-847-2