CVE-2009-4013
CRITICALLintian 1.23.0-1.23.28, 1.24.0-1.24.2.1, 2.0-2.3.1 - Path Traversal via Control Field Handling
Title source: llmDescription
Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.
References (9)
Core 9
Core References
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38379
Broken Link x_refsource_confirm
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d
Mailing List, Patch mailing-list
x_refsource_mlist
http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38375
Broken Link x_refsource_confirm
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-1979
Broken Link x_refsource_confirm
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37975
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-891-1
Scores
CVSS v3
9.8
EPSS
0.0568
EPSS Percentile
92.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (8)
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
8.04
canonical/ubuntu_linux
8.10
canonical/ubuntu_linux
9.04
canonical/ubuntu_linux
9.10
debian/debian_linux
4.0
debian/debian_linux
5.0
debian/lintian
1.23.0 - 1.23.28
Published
Feb 02, 2010
Tracked Since
Feb 18, 2026