CVE-2009-2946

Published: 04/09/2009 | Updated: 08/09/2009
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote malicious users to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.

Vulnerable Product

devscripts_devel_team devscripts

Vendor Advisories

Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program ...
USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS ...
Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without ...