Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19044
HistoryFeb 02, 2010 - 12:00 a.m.

Debian Lintian多个本地安全漏洞

2010-02-0200:00:00
Root
www.seebug.org
21

EPSS

0.02

Percentile

89.2%

JSON

Bugraq ID: 37975
CVE ID:CVE-2009-4013
CVE-2009-4014
CVE-2009-4015

Debian Lintian是一款软件包检查程序。
Debian Lintian存在多个安全漏洞,本地攻击者可以利用这些漏洞执行任意代码或者提升特权或获得敏感信息。
CVE-2009-4013:控制文件过滤缺失
CNCVE ID:CNCVE-20094013
CNCVE-20094014
CNCVE-20094015
CNCVE-20094013

控制字段名称和值在使用前没有充分过滤,在部分操作下可导致目录遍历。
Patch systems控制文件在使用前没有充分过滤,在部分操作下可导致目录遍历。
攻击者可以利用这些漏洞覆盖任意文件或泄漏系统信息。
CVE-2009-4014:格式字符串漏洞
CNCVE ID:CNCVE-20094013
CNCVE-20094014
CNCVE-20094015
CNCVE-20094013
CNCVE-20094014

多个检查脚本和Lintian::Schedule模块使用用户提供的输入作为sprintf/printf格式串参数。
CVE-2009-4015:任意命令执行
CNCVE ID:CNCVE-20094013
CNCVE-20094014
CNCVE-20094015
CNCVE-20094013
CNCVE-20094014
CNCVE-20094015

文件名没有充分过滤就直接传递给部分命令作参数,允许以管道或SHELL命令集执行其他命令。

Debian lintian
Debian linux用户可参考如下升级程序:
Debian Linux 4.0 amd64
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 4.0 ia-32
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 4.0 arm
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 5.0 hppa
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 5.0 ia-64
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 4.0 hppa
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 4.0 sparc
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 4.0 s/390
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 5.0 m68k
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 5.0 arm
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 4.0 powerpc
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 4.0 alpha
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 4.0 armel
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 5.0 armel
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 4.0 m68k
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 5.0
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 4.0
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 4.0 mipsel
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 5.0 amd64
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 5.0 alpha
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 5.0 ia-32
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 5.0 mips
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 5.0 s/390
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 5.0 mipsel
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 5.0 powerpc
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 4.0 ia-64
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 4.0 mips
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 5.0 sparc
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb

Related

debian 4
openvas 3
osv 1
securityvulns 2
nessus 2
ubuntu 1
prion 3
ubuntucve 3
debiancve 3
cvelist 3
cve 3
nvd 3
debian
debian
[Backports-security-announce] Security Update for lintian
2010-01-27 18:28:56
[SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities
2010-01-27 18:22:26
[SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities
2010-01-27 18:22:26
openvas
openvas
Ubuntu Update for lintian vulnerabilities USN-891-1
2010-01-29 00:00:00
Ubuntu: Security Advisory (USN-891-1)
2010-01-29 00:00:00
Debian: Security Advisory (DSA-1979-1)
2023-03-08 00:00:00
osv
osv
lintian - multiple vulnerabilities
2010-01-27 00:00:00
securityvulns
securityvulns
lintian multiple security vulnerabilities
2010-01-28 00:00:00
[SECURITY] [DSA-1979-1] New lintian packages fix multiple vulnerabilities
2010-01-28 00:00:00
nessus
nessus
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : lintian vulnerabilities (USN-891-1)
2010-01-28 00:00:00
Debian DSA-1979-1 : lintian - multiple vulnerabilities
2010-02-24 00:00:00
ubuntu
ubuntu
lintian vulnerabilities
2010-01-28 00:00:00
prion
prion
Directory traversal
2010-02-02 16:30:00
Format string
2010-02-02 16:30:00
Design/Logic Flaw
2010-02-02 16:30:00
ubuntucve
ubuntucve
CVE-2009-4013
2010-01-28 00:00:00
CVE-2009-4014
2010-01-28 00:00:00
CVE-2009-4015
2010-01-28 00:00:00
debiancve
debiancve
CVE-2009-4013
2010-02-02 16:30:02
CVE-2009-4015
2010-02-02 16:30:02
CVE-2009-4014
2010-02-02 16:30:02
cvelist
cvelist
CVE-2009-4013
2010-02-02 16:25:00
CVE-2009-4014
2010-02-02 16:25:00
CVE-2009-4015
2010-02-02 16:25:00
cve
cve
CVE-2009-4013
2010-02-02 16:30:02
CVE-2009-4015
2010-02-02 16:30:02
CVE-2009-4014
2010-02-02 16:30:02
nvd
nvd
CVE-2009-4013
2010-02-02 16:30:02
CVE-2009-4014
2010-02-02 16:30:02
CVE-2009-4015
2010-02-02 16:30:02

EPSS

0.02

Percentile

89.2%

JSON
Related for SSV:19044
debian4openvas3osv1securityvulns2nessus2ubuntu1prion3ubuntucve3debiancve3cvelist3cve3nvd3