Vulnerability Name:

CVE-2012-0212 (CCN-73217)

Assigned:2011-12-14
Published:2012-02-15
Updated:2017-08-29
Summary:debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: UNKNOWN
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=9cbe605d3eab4f9e67525f69b676c55b273b7a03

Source: CCN
Type: BugTraq Mailing List, Wed Feb 15 2012 - 08:42:53 CST
devscripts security update

Source: MITRE
Type: CNA
CVE-2012-0212

Source: SECUNIA
Type: Vendor Advisory
47955

Source: SECUNIA
Type: Vendor Advisory
48039

Source: UBUNTU
Type: UNKNOWN
USN-1366-1

Source: CCN
Type: Debian Web Site
Debian -- The Universal Operating System

Source: DEBIAN
Type: UNKNOWN
DSA-2409

Source: DEBIAN
Type: DSA-2409
devscripts -- several vulnerabilities

Source: OSVDB
Type: UNKNOWN
79322

Source: CCN
Type: OSVDB ID: 79321
devscripts debdiff.pl Filename Parameter Parsing Remote Code Execution

Source: CCN
Type: OSVDB ID: 79322
ManageEngine Applications Manager showHistoryData.do period Parameter XSS

Source: BID
Type: UNKNOWN
52029

Source: CCN
Type: BID-52029
Debian devscripts 'debdiff' Multiple Remote Code Execution Vulnerabilities

Source: CCN
Type: BID-55564
Debian devscripts Multiple Arbitrary File Deletion and Arbitrary Code Execution Vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-1593-1

Source: XF
Type: UNKNOWN
devscripts-debdiff-code-execution(73217)

Source: XF
Type: UNKNOWN
devscripts-debdiff-code-execution(73217)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:devscripts_devel_team:devscripts:2.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.6:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.7:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.8:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.9:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.10:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.11:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.12:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.13:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.14:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.15:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.16:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.17:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.18:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.18.1:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.19:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.20:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.21:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.22:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.23:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.24:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.25:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.26:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.27:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.28:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.29:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.30:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.31:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.32:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.33:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.34:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.35:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.36:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.38:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.39:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.40:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.41:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.42:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.43:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.44:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.45:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.46:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.47:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.48:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.49:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.50:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.51:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.52:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.53:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.54:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.55:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.56:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.57:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.58:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.59:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.60:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.61:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.62:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.63:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.64:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.65.1:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.66:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.67:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.68:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:devscripts_devel_team:devscripts:2.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.11.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:15127
    P
    		USN-1366-1 -- devscripts vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:18171
    P
    		USN-1593-1 -- devscripts vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:14780
    P
    		DSA-2409-1 devscripts -- several
    2014-06-23
    BACK
    devscripts_devel_team devscripts 2.10.0
    devscripts_devel_team devscripts 2.10.1
    devscripts_devel_team devscripts 2.10.3
    devscripts_devel_team devscripts 2.10.6
    devscripts_devel_team devscripts 2.10.7
    devscripts_devel_team devscripts 2.10.8
    devscripts_devel_team devscripts 2.10.9
    devscripts_devel_team devscripts 2.10.10
    devscripts_devel_team devscripts 2.10.11
    devscripts_devel_team devscripts 2.10.12
    devscripts_devel_team devscripts 2.10.13
    devscripts_devel_team devscripts 2.10.14
    devscripts_devel_team devscripts 2.10.15
    devscripts_devel_team devscripts 2.10.16
    devscripts_devel_team devscripts 2.10.17
    devscripts_devel_team devscripts 2.10.18
    devscripts_devel_team devscripts 2.10.18.1
    devscripts_devel_team devscripts 2.10.19
    devscripts_devel_team devscripts 2.10.20
    devscripts_devel_team devscripts 2.10.21
    devscripts_devel_team devscripts 2.10.22
    devscripts_devel_team devscripts 2.10.23
    devscripts_devel_team devscripts 2.10.24
    devscripts_devel_team devscripts 2.10.25
    devscripts_devel_team devscripts 2.10.26
    devscripts_devel_team devscripts 2.10.27
    devscripts_devel_team devscripts 2.10.28
    devscripts_devel_team devscripts 2.10.29
    devscripts_devel_team devscripts 2.10.30
    devscripts_devel_team devscripts 2.10.31
    devscripts_devel_team devscripts 2.10.32
    devscripts_devel_team devscripts 2.10.33
    devscripts_devel_team devscripts 2.10.34
    devscripts_devel_team devscripts 2.10.35
    devscripts_devel_team devscripts 2.10.36
    devscripts_devel_team devscripts 2.10.38
    devscripts_devel_team devscripts 2.10.39
    devscripts_devel_team devscripts 2.10.40
    devscripts_devel_team devscripts 2.10.41
    devscripts_devel_team devscripts 2.10.42
    devscripts_devel_team devscripts 2.10.43
    devscripts_devel_team devscripts 2.10.44
    devscripts_devel_team devscripts 2.10.45
    devscripts_devel_team devscripts 2.10.46
    devscripts_devel_team devscripts 2.10.47
    devscripts_devel_team devscripts 2.10.48
    devscripts_devel_team devscripts 2.10.49
    devscripts_devel_team devscripts 2.10.50
    devscripts_devel_team devscripts 2.10.51
    devscripts_devel_team devscripts 2.10.52
    devscripts_devel_team devscripts 2.10.53
    devscripts_devel_team devscripts 2.10.54
    devscripts_devel_team devscripts 2.10.55
    devscripts_devel_team devscripts 2.10.56
    devscripts_devel_team devscripts 2.10.57
    devscripts_devel_team devscripts 2.10.58
    devscripts_devel_team devscripts 2.10.59
    devscripts_devel_team devscripts 2.10.60
    devscripts_devel_team devscripts 2.10.61
    devscripts_devel_team devscripts 2.10.62
    devscripts_devel_team devscripts 2.10.63
    devscripts_devel_team devscripts 2.10.64
    devscripts_devel_team devscripts 2.10.65.1
    devscripts_devel_team devscripts 2.10.66
    devscripts_devel_team devscripts 2.10.67
    devscripts_devel_team devscripts 2.10.68
    devscripts_devel_team devscripts 2.11.0
    devscripts_devel_team devscripts 2.11.1
    devscripts_devel_team devscripts 2.11.2
    devscripts_devel_team devscripts 2.11.3