CVE-2009-4015 - Vulnerability Details

Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Lintian

Configuration 1 [-]

OR	cpe:2.3:a:debian:lintian:1.23.0:::::::*
	cpe:2.3:a:debian:lintian:1.23.1:::::::*
	cpe:2.3:a:debian:lintian:1.23.2:::::::*
	cpe:2.3:a:debian:lintian:1.23.3:::::::*
	cpe:2.3:a:debian:lintian:1.23.4:::::::*
	cpe:2.3:a:debian:lintian:1.23.5:::::::*
	cpe:2.3:a:debian:lintian:1.23.6:::::::*
	cpe:2.3:a:debian:lintian:1.23.7:::::::*
	cpe:2.3:a:debian:lintian:1.23.8:::::::*
	cpe:2.3:a:debian:lintian:1.23.9:::::::*
	cpe:2.3:a:debian:lintian:1.23.10:::::::*
	cpe:2.3:a:debian:lintian:1.23.11:::::::*
	cpe:2.3:a:debian:lintian:1.23.12:::::::*
	cpe:2.3:a:debian:lintian:1.23.13:::::::*
	cpe:2.3:a:debian:lintian:1.23.14:::::::*
	cpe:2.3:a:debian:lintian:1.23.15:::::::*
	cpe:2.3:a:debian:lintian:1.23.16:::::::*
	cpe:2.3:a:debian:lintian:1.23.17:::::::*
	cpe:2.3:a:debian:lintian:1.23.18:::::::*
	cpe:2.3:a:debian:lintian:1.23.19:::::::*
	cpe:2.3:a:debian:lintian:1.23.20:::::::*
	cpe:2.3:a:debian:lintian:1.23.22:::::::*
	cpe:2.3:a:debian:lintian:1.23.23:::::::*
	cpe:2.3:a:debian:lintian:1.23.24:::::::*
	cpe:2.3:a:debian:lintian:1.23.25:::::::*
	cpe:2.3:a:debian:lintian:1.23.26:::::::*
	cpe:2.3:a:debian:lintian:1.23.27:::::::*
	cpe:2.3:a:debian:lintian:1.23.28:::::::*
	cpe:2.3:a:debian:lintian:1.24.0:::::::*
	cpe:2.3:a:debian:lintian:1.24.1:::::::*
	cpe:2.3:a:debian:lintian:1.24.2:::::::*
	cpe:2.3:a:debian:lintian:2.0-rc1:::::::*
	cpe:2.3:a:debian:lintian:2.0-rc2:::::::*
	cpe:2.3:a:debian:lintian:2.1.0:::::::*
	cpe:2.3:a:debian:lintian:2.1.1:::::::*
	cpe:2.3:a:debian:lintian:2.1.2:::::::*
	cpe:2.3:a:debian:lintian:2.1.3:::::::*
	cpe:2.3:a:debian:lintian:2.1.4:::::::*
	cpe:2.3:a:debian:lintian:2.1.5:::::::*
	cpe:2.3:a:debian:lintian:2.1.6:::::::*
	cpe:2.3:a:debian:lintian:2.2.0:::::::*
	cpe:2.3:a:debian:lintian:2.2.1:::::::*
	cpe:2.3:a:debian:lintian:2.2.2:::::::*
	cpe:2.3:a:debian:lintian:2.2.3:::::::*
	cpe:2.3:a:debian:lintian:2.2.4:::::::*
	cpe:2.3:a:debian:lintian:2.2.5:::::::*
	cpe:2.3:a:debian:lintian:2.2.6:::::::*
	cpe:2.3:a:debian:lintian:2.2.7:::::::*
	cpe:2.3:a:debian:lintian:2.2.8:::::::*
	cpe:2.3:a:debian:lintian:2.2.9:::::::*
	cpe:2.3:a:debian:lintian:2.2.10:::::::*
	cpe:2.3:a:debian:lintian:2.2.11:::::::*
	cpe:2.3:a:debian:lintian:2.2.12:::::::*
	cpe:2.3:a:debian:lintian:2.2.13:::::::*
	cpe:2.3:a:debian:lintian:2.2.14:::::::*
	cpe:2.3:a:debian:lintian:2.2.15:::::::*
	cpe:2.3:a:debian:lintian:2.2.16:::::::*
	cpe:2.3:a:debian:lintian:2.2.18:::::::*
	cpe:2.3:a:debian:lintian:2.3.0:::::::*
	cpe:2.3:a:debian:lintian:2.3.1:::::::*

No data.

References

Link	Providers
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00
http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d
http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog
http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html
http://secunia.com/advisories/38375
http://secunia.com/advisories/38379
http://www.debian.org/security/2010/dsa-1979
http://www.securityfocus.com/bid/37975
http://www.ubuntu.com/usn/USN-891-1

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-02-02T16:25:00Z

Updated: 2024-09-17T00:01:59.866Z

Reserved: 2009-11-19T00:00:00Z

Link: CVE-2009-4015

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-02-02T16:30:02.407

Modified: 2025-04-11T00:51:21.963

Link: CVE-2009-4015

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-02-02T16:25:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "38379", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38379"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"}, {"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"}, {"name": "38375", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38375"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"}, {"name": "DSA-1979", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-1979"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"}, {"name": "37975", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37975"}, {"name": "USN-891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-891-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4015", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "38379", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38379"}, {"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d", "refsource": "CONFIRM", "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"}, {"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", "refsource": "MLIST", "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"}, {"name": "38375", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38375"}, {"name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog", "refsource": "CONFIRM", "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"}, {"name": "DSA-1979", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-1979"}, {"name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00", "refsource": "CONFIRM", "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"}, {"name": "37975", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37975"}, {"name": "USN-891-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-891-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:45:50.917Z"}, "title": "CVE Program Container", "references": [{"name": "38379", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38379"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"}, {"name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"}, {"name": "38375", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38375"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"}, {"name": "DSA-1979", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-1979"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"}, {"name": "37975", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37975"}, {"name": "USN-891-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-891-1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4015", "datePublished": "2010-02-02T16:25:00Z", "dateReserved": "2009-11-19T00:00:00Z", "dateUpdated": "2024-09-17T00:01:59.866Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:debian:lintian:1.23.0:*:*:*:*:*:*:*", "matchCriteriaId": "77110228-C3A7-46AF-A46B-CE38B2055309", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1D3E6B0-1EF5-430B-BD4A-C44FEA5E8B73", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.2:*:*:*:*:*:*:*", "matchCriteriaId": "70424538-742B-4EE8-9A78-F27B5C9C5430", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.3:*:*:*:*:*:*:*", "matchCriteriaId": "A4A83C91-61A8-4A1F-A0C5-22BF6E5A2E78", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.4:*:*:*:*:*:*:*", "matchCriteriaId": "BDF8DC3D-D9F5-46D2-9E86-2958A23FDA74", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.5:*:*:*:*:*:*:*", "matchCriteriaId": "97F84060-D1DD-4F23-97D4-581CAB2A24E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.6:*:*:*:*:*:*:*", "matchCriteriaId": "E23D0E3E-8095-4780-BF36-3195C164EF9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.7:*:*:*:*:*:*:*", "matchCriteriaId": "A547D2E7-BDD8-4CE6-AE1C-39BDED1B3821", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.8:*:*:*:*:*:*:*", "matchCriteriaId": "FBABBB05-E510-4D1F-A844-BE0090E8F2D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.9:*:*:*:*:*:*:*", "matchCriteriaId": "F622FB94-F2A5-43A2-9E7F-C9848BCF0790", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.10:*:*:*:*:*:*:*", "matchCriteriaId": "DB0940A2-8A9F-44DE-9186-C0219CECC7BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.11:*:*:*:*:*:*:*", "matchCriteriaId": "B24385F6-A5A6-4B0E-957C-A0C7528FA808", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.12:*:*:*:*:*:*:*", "matchCriteriaId": "835D90BF-7D6A-43C5-A68B-18D9AA0D1922", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.13:*:*:*:*:*:*:*", "matchCriteriaId": "13D742A5-EF0E-4973-80A3-2DE3935BDF51", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.14:*:*:*:*:*:*:*", "matchCriteriaId": "1E5EE52D-846D-4DA1-BBD3-655609E13371", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.15:*:*:*:*:*:*:*", "matchCriteriaId": "74229EBB-66F1-4FFC-B7B4-AD0A68233D56", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.16:*:*:*:*:*:*:*", "matchCriteriaId": "F07491A0-D87D-4492-B4D3-4DCF7199FFD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.17:*:*:*:*:*:*:*", "matchCriteriaId": "B223501C-7027-47F8-9CAF-22D2A1B5124E", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.18:*:*:*:*:*:*:*", "matchCriteriaId": "E0680860-7D31-4032-9850-6D95B5C12ADD", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.19:*:*:*:*:*:*:*", "matchCriteriaId": "5F8A5765-C38B-4E6A-8C68-E2F35A884D2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.20:*:*:*:*:*:*:*", "matchCriteriaId": "AD729DFA-6175-422C-A4B8-3C8CC345E7BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.22:*:*:*:*:*:*:*", "matchCriteriaId": "64349AE7-B6AD-45AD-8F43-86DD0C7EEDC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.23:*:*:*:*:*:*:*", "matchCriteriaId": "A5C94472-A4E0-4F1E-856E-55149489AA72", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.24:*:*:*:*:*:*:*", "matchCriteriaId": "F0CD158A-A58D-49AB-9509-14B3F9DE88D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.25:*:*:*:*:*:*:*", "matchCriteriaId": "54EF7617-0AC6-468F-8C8C-EC6CE31F56E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.26:*:*:*:*:*:*:*", "matchCriteriaId": "C7744B93-BA94-4CED-A03F-827CF950290A", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.27:*:*:*:*:*:*:*", "matchCriteriaId": "530D2B8C-AA62-490F-8F19-1A017B4E4B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.23.28:*:*:*:*:*:*:*", "matchCriteriaId": "CDDC8E26-4589-4ADC-8E6F-FB66558E38BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "C867DF6E-E595-49D8-BC73-73DD8419D445", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.24.1:*:*:*:*:*:*:*", "matchCriteriaId": "3C55F6C4-62AA-4175-96E1-AD0605F043C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:1.24.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C6A4EFA-45E4-4A54-83AD-B46FA3BBCB30", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.0-rc1:*:*:*:*:*:*:*", "matchCriteriaId": "42A61266-6C69-4422-9797-C74029194A08", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.0-rc2:*:*:*:*:*:*:*", "matchCriteriaId": "62D57281-38DE-4487-9800-099BA0774995", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "45C0B800-CE86-4EE5-8528-1C8935B7E85C", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0779D586-9152-4A80-B279-8AE74F55359D", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AD0DFC01-6827-4482-AD9F-D75EBE153A4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "36BE5533-6628-4BA6-BBFF-0FD628B2CAD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "DDF9CCB2-B4AC-425F-93D7-92FC604CEA92", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "E6687113-40F6-4FB8-8CC4-2EC6E72F2778", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "DDEB4C84-54FE-45D0-96B3-2AA5ACB95CD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3228097B-D1B7-4159-8219-F946BB6DC7E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC2F269A-8B0D-44DE-B0F2-4EAB8E35EAD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "45AAB153-8425-496E-90C9-8B2D0D6C3923", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8477E0C0-6A00-4AB1-B9C2-391AF321D14E", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "091EE816-728B-4C9E-B148-B6F5C2D70617", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "03503DC1-046C-4534-9F8B-B3EEC46DEEE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "A87A0BE5-C19A-421A-B486-A6B06B50A47D", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "B6266207-66E7-4366-8B6E-932091E27360", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "783CB1B9-4CDC-427E-8CE1-99170B0A3684", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "D5A8CEE0-E8A6-4852-BE41-0E8EF1DAE4D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "16B839B5-9EF6-4354-80A0-82B8E6F4BC70", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "DAC037AD-C877-4F13-9CE2-5E3BA6A37F17", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "DCF9B562-76C0-4EC2-B41F-7ABC6031C56F", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "D2B12FEE-DA6E-45AD-BE64-486BCFF4FFA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "45C417C2-E318-415C-8FAE-62A40C7BD8C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "BDE6B1D1-17F6-496D-ADCB-B3E0A69C7EB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "75FAA281-F509-45C5-A26D-B78D3C8AC1C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "2DDC0BD3-3E90-456F-9AF1-34A9DD45DC5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "64C8E99D-A622-4F6E-9784-062FD17F9BBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:debian:lintian:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D47724EF-B8CC-498C-B3D1-7E105F29A7C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."}, {"lang": "es", "value": "Lintian v1.23.x anterior a v1.23.28, v1.24.x anterior a v1.24.2.1, y v2.x anterior a v2.3.2 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres del interprete de comandos (shell) en los argumentos de nombre de archivo."}], "id": "CVE-2009-4015", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-02T16:30:02.407", "references": [{"source": "cve@mitre.org", "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"}, {"source": "cve@mitre.org", "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"}, {"source": "cve@mitre.org", "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"}, {"source": "cve@mitre.org", "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38375"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38379"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2010/dsa-1979"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/37975"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-891-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38375"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2010/dsa-1979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/37975"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-891-1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object