Vulnerability-Lookup

CVE-2009-4015 (GCVE-0-2009-4015)

Vulnerability from cvelistv5 – Published: 2010-02-02 16:25 – Updated: 2024-09-17 00:01

Summary

Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

9 references

URL	Tags
http://secunia.com/advisories/38379	third-party-advisoryx_refsource_SECUNIA
http://git.debian.org/?p=lintian/lintian.git%3Ba=…	x_refsource_CONFIRM
http://packages.qa.debian.org/l/lintian/news/2010…	mailing-listx_refsource_MLIST
http://secunia.com/advisories/38375	third-party-advisoryx_refsource_SECUNIA
http://packages.debian.org/changelogs/pool/main/l…	x_refsource_CONFIRM
http://www.debian.org/security/2010/dsa-1979	vendor-advisoryx_refsource_DEBIAN
http://git.debian.org/?p=lintian/lintian.git%3Ba=…	x_refsource_CONFIRM
http://www.securityfocus.com/bid/37975	vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-891-1	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:45:50.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38379",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38379"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
          },
          {
            "name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
          },
          {
            "name": "38375",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38375"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
          },
          {
            "name": "DSA-1979",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-1979"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
          },
          {
            "name": "37975",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37975"
          },
          {
            "name": "USN-891-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-891-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-02-02T16:25:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38379",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38379"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
        },
        {
          "name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
        },
        {
          "name": "38375",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38375"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
        },
        {
          "name": "DSA-1979",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-1979"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
        },
        {
          "name": "37975",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37975"
        },
        {
          "name": "USN-891-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-891-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4015",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38379",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38379"
            },
            {
              "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d",
              "refsource": "CONFIRM",
              "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
            },
            {
              "name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
              "refsource": "MLIST",
              "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
            },
            {
              "name": "38375",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38375"
            },
            {
              "name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog",
              "refsource": "CONFIRM",
              "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
            },
            {
              "name": "DSA-1979",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-1979"
            },
            {
              "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00",
              "refsource": "CONFIRM",
              "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
            },
            {
              "name": "37975",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37975"
            },
            {
              "name": "USN-891-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-891-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4015",
    "datePublished": "2010-02-02T16:25:00.000Z",
    "dateReserved": "2009-11-19T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:01:59.866Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2009-4015",
      "date": "2026-06-03",
      "epss": "0.01156",
      "percentile": "0.78868"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-4015\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-02-02T16:30:02.407\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.\"},{\"lang\":\"es\",\"value\":\"Lintian v1.23.x anterior a v1.23.28, v1.24.x anterior a v1.24.2.1, y v2.x anterior a v2.3.2 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres del interprete de comandos (shell) en los argumentos de nombre de archivo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77110228-C3A7-46AF-A46B-CE38B2055309\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1D3E6B0-1EF5-430B-BD4A-C44FEA5E8B73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70424538-742B-4EE8-9A78-F27B5C9C5430\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4A83C91-61A8-4A1F-A0C5-22BF6E5A2E78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDF8DC3D-D9F5-46D2-9E86-2958A23FDA74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97F84060-D1DD-4F23-97D4-581CAB2A24E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23D0E3E-8095-4780-BF36-3195C164EF9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A547D2E7-BDD8-4CE6-AE1C-39BDED1B3821\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBABBB05-E510-4D1F-A844-BE0090E8F2D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F622FB94-F2A5-43A2-9E7F-C9848BCF0790\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB0940A2-8A9F-44DE-9186-C0219CECC7BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B24385F6-A5A6-4B0E-957C-A0C7528FA808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"835D90BF-7D6A-43C5-A68B-18D9AA0D1922\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13D742A5-EF0E-4973-80A3-2DE3935BDF51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E5EE52D-846D-4DA1-BBD3-655609E13371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74229EBB-66F1-4FFC-B7B4-AD0A68233D56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F07491A0-D87D-4492-B4D3-4DCF7199FFD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B223501C-7027-47F8-9CAF-22D2A1B5124E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0680860-7D31-4032-9850-6D95B5C12ADD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F8A5765-C38B-4E6A-8C68-E2F35A884D2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD729DFA-6175-422C-A4B8-3C8CC345E7BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64349AE7-B6AD-45AD-8F43-86DD0C7EEDC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5C94472-A4E0-4F1E-856E-55149489AA72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0CD158A-A58D-49AB-9509-14B3F9DE88D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54EF7617-0AC6-468F-8C8C-EC6CE31F56E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7744B93-BA94-4CED-A03F-827CF950290A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"530D2B8C-AA62-490F-8F19-1A017B4E4B97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.23.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDC8E26-4589-4ADC-8E6F-FB66558E38BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C867DF6E-E595-49D8-BC73-73DD8419D445\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.24.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C55F6C4-62AA-4175-96E1-AD0605F043C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:1.24.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C6A4EFA-45E4-4A54-83AD-B46FA3BBCB30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.0-rc1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42A61266-6C69-4422-9797-C74029194A08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.0-rc2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62D57281-38DE-4487-9800-099BA0774995\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45C0B800-CE86-4EE5-8528-1C8935B7E85C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0779D586-9152-4A80-B279-8AE74F55359D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD0DFC01-6827-4482-AD9F-D75EBE153A4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36BE5533-6628-4BA6-BBFF-0FD628B2CAD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDF9CCB2-B4AC-425F-93D7-92FC604CEA92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6687113-40F6-4FB8-8CC4-2EC6E72F2778\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDEB4C84-54FE-45D0-96B3-2AA5ACB95CD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3228097B-D1B7-4159-8219-F946BB6DC7E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC2F269A-8B0D-44DE-B0F2-4EAB8E35EAD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45AAB153-8425-496E-90C9-8B2D0D6C3923\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8477E0C0-6A00-4AB1-B9C2-391AF321D14E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"091EE816-728B-4C9E-B148-B6F5C2D70617\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03503DC1-046C-4534-9F8B-B3EEC46DEEE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A87A0BE5-C19A-421A-B486-A6B06B50A47D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6266207-66E7-4366-8B6E-932091E27360\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"783CB1B9-4CDC-427E-8CE1-99170B0A3684\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5A8CEE0-E8A6-4852-BE41-0E8EF1DAE4D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16B839B5-9EF6-4354-80A0-82B8E6F4BC70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAC037AD-C877-4F13-9CE2-5E3BA6A37F17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCF9B562-76C0-4EC2-B41F-7ABC6031C56F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2B12FEE-DA6E-45AD-BE64-486BCFF4FFA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45C417C2-E318-415C-8FAE-62A40C7BD8C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BDE6B1D1-17F6-496D-ADCB-B3E0A69C7EB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"75FAA281-F509-45C5-A26D-B78D3C8AC1C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.2.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DDC0BD3-3E90-456F-9AF1-34A9DD45DC5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64C8E99D-A622-4F6E-9784-062FD17F9BBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:debian:lintian:2.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47724EF-B8CC-498C-B3D1-7E105F29A7C4\"}]}]}],\"references\":[{\"url\":\"http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38375\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38379\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2010/dsa-1979\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/37975\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-891-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38375\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/38379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2010/dsa-1979\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/37975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-891-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2009-4015

Vulnerability from fkie_nvd - Published: 2010-02-02 16:30 - Updated: 2026-04-29 01:13

Severity

Summary

Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.

References

URL	Tags
cve@mitre.org	http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00
cve@mitre.org	http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d
cve@mitre.org	http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog
cve@mitre.org	http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html
cve@mitre.org	http://secunia.com/advisories/38375	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/38379	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2010/dsa-1979	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/37975	Patch
cve@mitre.org	http://www.ubuntu.com/usn/USN-891-1
af854a3a-2127-422b-91ae-364da2661108	http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00
af854a3a-2127-422b-91ae-364da2661108	http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d
af854a3a-2127-422b-91ae-364da2661108	http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog
af854a3a-2127-422b-91ae-364da2661108	http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38375	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38379	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-1979	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/37975	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-891-1

Impacted products

Vendor	Product	Version
debian	lintian	1.23.0
debian	lintian	1.23.1
debian	lintian	1.23.2
debian	lintian	1.23.3
debian	lintian	1.23.4
debian	lintian	1.23.5
debian	lintian	1.23.6
debian	lintian	1.23.7
debian	lintian	1.23.8
debian	lintian	1.23.9
debian	lintian	1.23.10
debian	lintian	1.23.11
debian	lintian	1.23.12
debian	lintian	1.23.13
debian	lintian	1.23.14
debian	lintian	1.23.15
debian	lintian	1.23.16
debian	lintian	1.23.17
debian	lintian	1.23.18
debian	lintian	1.23.19
debian	lintian	1.23.20
debian	lintian	1.23.22
debian	lintian	1.23.23
debian	lintian	1.23.24
debian	lintian	1.23.25
debian	lintian	1.23.26
debian	lintian	1.23.27
debian	lintian	1.23.28
debian	lintian	1.24.0
debian	lintian	1.24.1
debian	lintian	1.24.2
debian	lintian	2.0-rc1
debian	lintian	2.0-rc2
debian	lintian	2.1.0
debian	lintian	2.1.1
debian	lintian	2.1.2
debian	lintian	2.1.3
debian	lintian	2.1.4
debian	lintian	2.1.5
debian	lintian	2.1.6
debian	lintian	2.2.0
debian	lintian	2.2.1
debian	lintian	2.2.2
debian	lintian	2.2.3
debian	lintian	2.2.4
debian	lintian	2.2.5
debian	lintian	2.2.6
debian	lintian	2.2.7
debian	lintian	2.2.8
debian	lintian	2.2.9
debian	lintian	2.2.10
debian	lintian	2.2.11
debian	lintian	2.2.12
debian	lintian	2.2.13
debian	lintian	2.2.14
debian	lintian	2.2.15
debian	lintian	2.2.16
debian	lintian	2.2.18
debian	lintian	2.3.0
debian	lintian	2.3.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77110228-C3A7-46AF-A46B-CE38B2055309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1D3E6B0-1EF5-430B-BD4A-C44FEA5E8B73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "70424538-742B-4EE8-9A78-F27B5C9C5430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4A83C91-61A8-4A1F-A0C5-22BF6E5A2E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDF8DC3D-D9F5-46D2-9E86-2958A23FDA74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F84060-D1DD-4F23-97D4-581CAB2A24E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23D0E3E-8095-4780-BF36-3195C164EF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A547D2E7-BDD8-4CE6-AE1C-39BDED1B3821",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBABBB05-E510-4D1F-A844-BE0090E8F2D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F622FB94-F2A5-43A2-9E7F-C9848BCF0790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB0940A2-8A9F-44DE-9186-C0219CECC7BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B24385F6-A5A6-4B0E-957C-A0C7528FA808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "835D90BF-7D6A-43C5-A68B-18D9AA0D1922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "13D742A5-EF0E-4973-80A3-2DE3935BDF51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E5EE52D-846D-4DA1-BBD3-655609E13371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "74229EBB-66F1-4FFC-B7B4-AD0A68233D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "F07491A0-D87D-4492-B4D3-4DCF7199FFD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B223501C-7027-47F8-9CAF-22D2A1B5124E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0680860-7D31-4032-9850-6D95B5C12ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F8A5765-C38B-4E6A-8C68-E2F35A884D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD729DFA-6175-422C-A4B8-3C8CC345E7BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "64349AE7-B6AD-45AD-8F43-86DD0C7EEDC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C94472-A4E0-4F1E-856E-55149489AA72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0CD158A-A58D-49AB-9509-14B3F9DE88D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "54EF7617-0AC6-468F-8C8C-EC6CE31F56E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7744B93-BA94-4CED-A03F-827CF950290A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "530D2B8C-AA62-490F-8F19-1A017B4E4B97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.23.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDC8E26-4589-4ADC-8E6F-FB66558E38BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C867DF6E-E595-49D8-BC73-73DD8419D445",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.24.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C55F6C4-62AA-4175-96E1-AD0605F043C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:1.24.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C6A4EFA-45E4-4A54-83AD-B46FA3BBCB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.0-rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "42A61266-6C69-4422-9797-C74029194A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.0-rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D57281-38DE-4487-9800-099BA0774995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C0B800-CE86-4EE5-8528-1C8935B7E85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0779D586-9152-4A80-B279-8AE74F55359D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0DFC01-6827-4482-AD9F-D75EBE153A4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "36BE5533-6628-4BA6-BBFF-0FD628B2CAD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDF9CCB2-B4AC-425F-93D7-92FC604CEA92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6687113-40F6-4FB8-8CC4-2EC6E72F2778",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDEB4C84-54FE-45D0-96B3-2AA5ACB95CD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3228097B-D1B7-4159-8219-F946BB6DC7E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC2F269A-8B0D-44DE-B0F2-4EAB8E35EAD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AAB153-8425-496E-90C9-8B2D0D6C3923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8477E0C0-6A00-4AB1-B9C2-391AF321D14E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "091EE816-728B-4C9E-B148-B6F5C2D70617",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "03503DC1-046C-4534-9F8B-B3EEC46DEEE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87A0BE5-C19A-421A-B486-A6B06B50A47D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6266207-66E7-4366-8B6E-932091E27360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "783CB1B9-4CDC-427E-8CE1-99170B0A3684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5A8CEE0-E8A6-4852-BE41-0E8EF1DAE4D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B839B5-9EF6-4354-80A0-82B8E6F4BC70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAC037AD-C877-4F13-9CE2-5E3BA6A37F17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCF9B562-76C0-4EC2-B41F-7ABC6031C56F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2B12FEE-DA6E-45AD-BE64-486BCFF4FFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C417C2-E318-415C-8FAE-62A40C7BD8C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDE6B1D1-17F6-496D-ADCB-B3E0A69C7EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "75FAA281-F509-45C5-A26D-B78D3C8AC1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DDC0BD3-3E90-456F-9AF1-34A9DD45DC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64C8E99D-A622-4F6E-9784-062FD17F9BBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:debian:lintian:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D47724EF-B8CC-498C-B3D1-7E105F29A7C4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."
    },
    {
      "lang": "es",
      "value": "Lintian v1.23.x anterior a v1.23.28, v1.24.x anterior a v1.24.2.1, y v2.x anterior a v2.3.2 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres del interprete de comandos (shell) en los argumentos de nombre de archivo."
    }
  ],
  "id": "CVE-2009-4015",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-02-02T16:30:02.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38375"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38379"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-1979"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/37975"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-891-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-1979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/37975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-891-1"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-F866-MHCW-M7PP

Vulnerability from github – Published: 2022-05-02 03:50 – Updated: 2025-04-11 03:31

Details

Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-4015"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-02-02T16:30:00Z",
    "severity": "HIGH"
  },
  "details": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.",
  "id": "GHSA-f866-mhcw-m7pp",
  "modified": "2025-04-11T03:31:12Z",
  "published": "2022-05-02T03:50:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4015"
    },
    {
      "type": "WEB",
      "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
    },
    {
      "type": "WEB",
      "url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
    },
    {
      "type": "WEB",
      "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
    },
    {
      "type": "WEB",
      "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
    },
    {
      "type": "WEB",
      "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
    },
    {
      "type": "WEB",
      "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38375"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38379"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2010/dsa-1979"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/37975"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-891-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-4015

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.

Aliases

CVE-2009-4015

Aliases

CVE-2009-4015

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-4015",
    "description": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.",
    "id": "GSD-2009-4015",
    "references": [
      "https://www.debian.org/security/2010/dsa-1979"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-4015"
      ],
      "details": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.",
      "id": "GSD-2009-4015",
      "modified": "2023-12-13T01:19:44.956070Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-4015",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "38379",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38379"
          },
          {
            "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d",
            "refsource": "CONFIRM",
            "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
          },
          {
            "name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
            "refsource": "MLIST",
            "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
          },
          {
            "name": "38375",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38375"
          },
          {
            "name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog",
            "refsource": "CONFIRM",
            "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
          },
          {
            "name": "DSA-1979",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2010/dsa-1979"
          },
          {
            "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00",
            "refsource": "CONFIRM",
            "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
          },
          {
            "name": "37975",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/37975"
          },
          {
            "name": "USN-891-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-891-1"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.24.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.0-rc2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.24.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.24.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:1.23.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.0-rc1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.2.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:debian:lintian:2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4015"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
            },
            {
              "name": "37975",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/37975"
            },
            {
              "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
            },
            {
              "name": "DSA-1979",
              "refsource": "DEBIAN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.debian.org/security/2010/dsa-1979"
            },
            {
              "name": "38379",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38379"
            },
            {
              "name": "38375",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38375"
            },
            {
              "name": "USN-891-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-891-1"
            },
            {
              "name": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
            },
            {
              "name": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2010-02-04T05:00Z",
      "publishedDate": "2010-02-02T16:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-4015 (GCVE-0-2009-4015)

FKIE_CVE-2009-4015

GHSA-F866-MHCW-M7PP

GSD-2009-4015

Tags

Sightings

Nomenclature