Vulnerability Name: CVE-2009-4015 (CCN-55983)

Assigned: 2009-11-19
Published: 2010-01-29
Updated: 2010-02-04
Summary: Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-89
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2009-4015

Source: CONFIRM
Type: UNKNOWN
http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00

Source: CONFIRM
Type: UNKNOWN
http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d

Source: CCN
Type: Lintian Reports Web Page
Lintian Reports

Source: CONFIRM
Type: UNKNOWN
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog

Source: MLIST
Type: UNKNOWN
[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)

Source: SECUNIA
Type: Vendor Advisory
38375

Source: SECUNIA
Type: Vendor Advisory
38379

Source: DEBIAN
Type: Vendor Advisory
DSA-1979

Source: DEBIAN
Type: DSA-1979
lintian -- multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 62127
Lintian Filename Shell Metacharacter Arbitrary Command Execution

Source: BID
Type: Patch
37975

Source: CCN
Type: BID-37975
Debian Lintian Multiple Local Vulnerabilities

Source: CCN
Type: USN-891-1
lintian vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-891-1

Source: XF
Type: UNKNOWN
lintian-filenames-command-execution(55983)

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:debian:lintian:1.23.0:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.1:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.2:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.3:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.4:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.5:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.6:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.7:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.8:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.9:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.10:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.11:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.12:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.13:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.14:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.15:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.16:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.17:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.18:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.19:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.20:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.22:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.23:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.24:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.25:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.26:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.27:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.23.28:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.24.0:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.24.1:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:1.24.2:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.0-rc1:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.0-rc2:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.5:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.6:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.8:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.10:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.12:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.13:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.14:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.15:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.16:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.2.18:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:debian:lintian:2.3.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:debian:lintian:-:*:*:*:*:*:*:*
  • AND
  • cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:12572 | P | USN-891-1 -- lintian vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:7013 | P | DSA-1979 lintian -- multiple vulnerabilities | 2014-06-23
oval:org.mitre.oval:def:13615 | P | DSA-1979-1 lintian -- multiple | 2014-06-23
oval:org.debian:def:1979 | V | multiple vulnerabilities | 2010-01-27