Lucene search
RootSSV:12303HistorySep 16, 2009 - 12:00 a.m.
Debian devscripts软件包uscan远程代码执行漏洞
2009-09-1600:00:00
Root
www.seebug.org
15
0.005 Low
EPSS
Percentile
74.6%
BUGTRAQ ID: 36227
CVE(CAN) ID: CVE-2009-2946
Debian是一个流行的Linux发行版本。
uscan是Debian的devscripts软件包中所提供的程序,用于检测是否有新的源码版本可用。uscan运行了从不可信任来源下载的Perl代码实现URL与版本的重整功能,如果源码的发布服务器使用了恶意的路径名就会导致注入并执行任意Perl代码。
Debian devscripts 2.9.26
Debian devscripts 2.9.25
Debian devscripts 2.10.35
厂商补丁:
Debian
Debian已经为此发布了一个安全公告(DSA-1878-1)以及相应补丁:
DSA-1878-1:devscripts – missing input sanitation
链接:http://www.debian.org/security/2009/dsa-1878
Related
debian
debian
[Backports-security-announce] Security update for devscripts
2009-09-11 17:38:31
[Backports-security-announce] Security update for devscripts
2009-09-02 20:22:26
[Backports-security-announce] Security update for devscripts
2009-09-02 20:38:19
nessus
nessus
Ubuntu 6.06 LTS : devscripts vulnerability (USN-847-2)
2009-10-12 00:00:00
Debian DSA-1878-1 : devscripts - missing input sanitation
2010-02-24 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : devscripts vulnerability (USN-847-1)
2009-10-09 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1878-1)
2009-09-15 00:00:00
Debian: Security Advisory (DSA-1878-1)
2009-09-09 00:00:00
Ubuntu: Security Advisory (USN-847-1)
2022-08-26 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1878-1] New devscripts packages fix remote code execution
2009-09-03 00:00:00
devscripts code execution
2009-09-03 00:00:00
prion
prion
Design/Logic Flaw
2009-09-04 20:30:00
ubuntu
ubuntu
Devscripts vulnerability
2009-10-08 00:00:00
devscripts vulnerability
2009-10-09 00:00:00
cve
cve
CVE-2009-2946
2009-09-04 20:30:00
debiancve
debiancve
CVE-2009-2946
2009-09-04 20:30:00
ubuntucve
ubuntucve
CVE-2009-2946
2009-09-04 00:00:00
cvelist
cvelist
CVE-2009-2946
2022-10-03 16:24:05