PT-2012-3900 · Debian · Devscripts

Raphael Geissert

·

Publicado

2012-10-01

·

Atualizado

2017-08-29

·

CVE-2012-2241

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions devscripts versions prior to 2.12.3
Description The issue allows remote attackers to delete arbitrary files via a crafted .dsc or .changes file, probably related to a NULL byte in a filename.
Recommendations For versions prior to 2.12.3, update to version 2.12.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the scripts/dget.pl script until the update is applied.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2012-2241
DSA-2549-1
OPENSUSE-SU-2024:10372-1

Produtos afetados

Devscripts