PT-2012-3900 · Debian · Devscripts

Raphael Geissert

Published

2012-10-01

Updated

2017-08-29

CVE-2012-2241

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions devscripts versions prior to 2.12.3

Description The issue allows remote attackers to delete arbitrary files via a crafted .dsc or .changes file, probably related to a NULL byte in a filename.

Recommendations For versions prior to 2.12.3, update to version 2.12.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the scripts/dget.pl script until the update is applied.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2012-2241

DSA-2549-1

OPENSUSE-SU-2024:10372-1

Affected Products

Devscripts

PT-2012-3900 · Debian · Devscripts

CVE-2012-2241

Weakness Enumeration

Related Identifiers

Affected Products

References · 10