Published: 04/09/2009 Updated: 08/09/2009

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote malicious users to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.

Vulnerable Product	Search on Vulmon	Subscribe to Product
devscripts_devel_team devscripts

Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program ...

USN-847-1 fixed vulnerabilities in devscripts This update provides the corresponding updates for Ubuntu 606 LTS ...

Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality This update addresses this issue by reimplementing the relevant Perl operators without ...

NVD-CWE-Other http://www.debian.org/security/2009/dsa-1878 http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=diff&rev=1984&sc=1 http://svn.debian.org/wsvn/devscripts/trunk/scripts/uscan.pl?op=log&rev=0&sc=1&isdir=0 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515209 https://nvd.nist.gov https://usn.ubuntu.com/847-1/

CVE-2009-2946

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect