PT-2010-1024 · Debian · Lintian

Raphael Geissert · Published 2010-02-02 · Updated 2010-02-03 · CVE-2009-4014

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Lintian versions 1.23.x through 1.23.28
Lintian versions 1.24.x through 1.24.2.1
Lintian versions 2.x before 2.3.2

Description

The issue involves multiple format string vulnerabilities that can be exploited remotely. These vulnerabilities are related to (1) check scripts and (2) the Lintian::Schedule module. The exploitation of these vulnerabilities may lead to a breach of confidentiality, integrity, and availability of protected information.

Recommendations

For Lintian versions 1.23.x through 1.23.28, update to a version after 1.23.28.
For Lintian versions 1.24.x through 1.24.2.1, update to a version after 1.24.2.1.
For Lintian versions 2.x before 2.3.2, update to version 2.3.2 or later.

Fix

Use of Externally-Controlled Format String

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2015-02904
CVE-2009-4014
DSA-1979-1

Affected Products

Lintian