{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-02-02T16:25:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "38379", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38379"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"}, {"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"}, {"name": "38375", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38375"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"}, {"name": "DSA-1979", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-1979"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"}, {"name": "37975", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37975"}, {"name": "USN-891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-891-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4013", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "38379", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38379"}, {"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d", "refsource": "CONFIRM", "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"}, {"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", "refsource": "MLIST", "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"}, {"name": "38375", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38375"}, {"name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog", "refsource": "CONFIRM", "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"}, {"name": "DSA-1979", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-1979"}, {"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00", "refsource": "CONFIRM", "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"}, {"name": "37975", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37975"}, {"name": "USN-891-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-891-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:45:51.004Z"}, "title": "CVE Program Container", "references": [{"name": "38379", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38379"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"}, {"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"}, {"name": "38375", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38375"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"}, {"name": "DSA-1979", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-1979"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"}, {"name": "37975", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37975"}, {"name": "USN-891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-891-1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4013", "datePublished": "2010-02-02T16:25:00Z", "dateReserved": "2009-11-19T00:00:00Z", "dateUpdated": "2024-09-16T17:24:02.624Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*", "matchCriteriaId": "663DB007-F0C2-4920-84CD-D0432264E47D", "versionEndIncluding": "1.23.28", "versionStartIncluding": "1.23.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6A97997-A34F-4552-ABE1-1122F894D83F", "versionEndIncluding": "1.24.2.1", "versionStartIncluding": "1.24.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9128954-7E45-4CAA-8F54-364F2557B9FA", "versionEndExcluding": "2.3.2", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en Lintian v1.23.x anterior a v1.23.28, v1.24.x anterior a v1.24.2.1, y v2.x anterior a v2.3.2 permite a atacantes remotos sobreescribir archivos a su elecci\u00f3n u obtener informaci\u00f3n sensible a trav\u00e9s de vectores que implican (1)nombres de los campos de control, (2)valores de los campos de control, y (3)archivos de control de los sistemas de revisi\u00f3n."}], "id": "CVE-2009-4013", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2010-02-02T16:30:02.233", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/38375"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/38379"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-1979"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/37975"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-891-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch"], "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/38375"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/38379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-1979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/37975"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-891-1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}