Vulnerability Name:

CVE-2012-2242 (CCN-78976)

Assigned: 2012-09-14
Published: 2012-09-14
Updated: 2013-04-19
Summary: scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: devscripts GIT Repository
dget: fix arbitrary file deletion (CVE-2012-2241)

Source: MITRE
Type: CNA
CVE-2012-2242

Source: CCN
Type: SA50600
Debian update for devscripts

Source: SECUNIA
Type: Vendor Advisory
50600

Source: DEBIAN
Type: UNKNOWN
DSA-2549

Source: DEBIAN
Type: DSA-2549
devscripts -- multiple vulnerabilities

Source: BID
Type: UNKNOWN
55564

Source: CCN
Type: BID-55564
Debian devscripts Multiple Arbitrary File Deletion and Arbitrary Code Execution Vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-1593-1

Source: XF
Type: UNKNOWN
devscripts-command-exec(78976)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:devscripts_devel_team:devscripts:2.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.6:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.7:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.8:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.9:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.10:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.11:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.12:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.13:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.14:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.15:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.16:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.17:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.18:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.18.1:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.19:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.20:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.21:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.22:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.23:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.24:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.25:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.26:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.27:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.28:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.29:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.30:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.31:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.32:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.33:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.34:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.35:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.36:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.38:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.39:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.40:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.41:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.42:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.43:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.44:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.45:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.46:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.47:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.48:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.49:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.50:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.51:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.52:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.53:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.54:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.55:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.56:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.57:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.58:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.59:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.60:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.61:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.62:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.63:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.64:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.65.1:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.66:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.67:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.68:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.69:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.69:squeeze1:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.69:squeeze2:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.69:squeeze3:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.69:squeeze4:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.70:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:2.10.71:*:*:*:*:*:*:*
  • OR cpe:/a:devscripts_devel_team:devscripts:*:*:*:*:*:*:*:* (Version <= 2.10.72)

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:18171 | P | USN-1593-1 -- devscripts vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:20054 | P | DSA-2549-1 devscripts - multiple | 2014-06-23
oval:com.ubuntu.precise:def:20122242000 | V | CVE-2012-2242 on Ubuntu 12.04 LTS (precise) - medium. | 2012-09-30
    devscripts_devel_team devscripts 2.10.0
    devscripts_devel_team devscripts 2.10.1
    devscripts_devel_team devscripts 2.10.3
    devscripts_devel_team devscripts 2.10.6
    devscripts_devel_team devscripts 2.10.7
    devscripts_devel_team devscripts 2.10.8
    devscripts_devel_team devscripts 2.10.9
    devscripts_devel_team devscripts 2.10.10
    devscripts_devel_team devscripts 2.10.11
    devscripts_devel_team devscripts 2.10.12
    devscripts_devel_team devscripts 2.10.13
    devscripts_devel_team devscripts 2.10.14
    devscripts_devel_team devscripts 2.10.15
    devscripts_devel_team devscripts 2.10.16
    devscripts_devel_team devscripts 2.10.17
    devscripts_devel_team devscripts 2.10.18
    devscripts_devel_team devscripts 2.10.18.1
    devscripts_devel_team devscripts 2.10.19
    devscripts_devel_team devscripts 2.10.20
    devscripts_devel_team devscripts 2.10.21
    devscripts_devel_team devscripts 2.10.22
    devscripts_devel_team devscripts 2.10.23
    devscripts_devel_team devscripts 2.10.24
    devscripts_devel_team devscripts 2.10.25
    devscripts_devel_team devscripts 2.10.26
    devscripts_devel_team devscripts 2.10.27
    devscripts_devel_team devscripts 2.10.28
    devscripts_devel_team devscripts 2.10.29
    devscripts_devel_team devscripts 2.10.30
    devscripts_devel_team devscripts 2.10.31
    devscripts_devel_team devscripts 2.10.32
    devscripts_devel_team devscripts 2.10.33
    devscripts_devel_team devscripts 2.10.34
    devscripts_devel_team devscripts 2.10.35
    devscripts_devel_team devscripts 2.10.36
    devscripts_devel_team devscripts 2.10.38
    devscripts_devel_team devscripts 2.10.39
    devscripts_devel_team devscripts 2.10.40
    devscripts_devel_team devscripts 2.10.41
    devscripts_devel_team devscripts 2.10.42
    devscripts_devel_team devscripts 2.10.43
    devscripts_devel_team devscripts 2.10.44
    devscripts_devel_team devscripts 2.10.45
    devscripts_devel_team devscripts 2.10.46
    devscripts_devel_team devscripts 2.10.47
    devscripts_devel_team devscripts 2.10.48
    devscripts_devel_team devscripts 2.10.49
    devscripts_devel_team devscripts 2.10.50
    devscripts_devel_team devscripts 2.10.51
    devscripts_devel_team devscripts 2.10.52
    devscripts_devel_team devscripts 2.10.53
    devscripts_devel_team devscripts 2.10.54
    devscripts_devel_team devscripts 2.10.55
    devscripts_devel_team devscripts 2.10.56
    devscripts_devel_team devscripts 2.10.57
    devscripts_devel_team devscripts 2.10.58
    devscripts_devel_team devscripts 2.10.59
    devscripts_devel_team devscripts 2.10.60
    devscripts_devel_team devscripts 2.10.61
    devscripts_devel_team devscripts 2.10.62
    devscripts_devel_team devscripts 2.10.63
    devscripts_devel_team devscripts 2.10.64
    devscripts_devel_team devscripts 2.10.65.1
    devscripts_devel_team devscripts 2.10.66
    devscripts_devel_team devscripts 2.10.67
    devscripts_devel_team devscripts 2.10.68
    devscripts_devel_team devscripts 2.10.69
    devscripts_devel_team devscripts 2.10.69 squeeze1
    devscripts_devel_team devscripts 2.10.69 squeeze2
    devscripts_devel_team devscripts 2.10.69 squeeze3
    devscripts_devel_team devscripts 2.10.69 squeeze4
    devscripts_devel_team devscripts 2.10.70
    devscripts_devel_team devscripts 2.10.71
    devscripts_devel_team devscripts *