FKIE_CVE-2009-4015
Vulnerability from fkie_nvd - Published: 2010-02-02 16:30 - Updated: 2026-04-29 01:13
Severity
Summary
Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77110228-C3A7-46AF-A46B-CE38B2055309",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1D3E6B0-1EF5-430B-BD4A-C44FEA5E8B73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70424538-742B-4EE8-9A78-F27B5C9C5430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A4A83C91-61A8-4A1F-A0C5-22BF6E5A2E78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF8DC3D-D9F5-46D2-9E86-2958A23FDA74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.5:*:*:*:*:*:*:*",
"matchCriteriaId": "97F84060-D1DD-4F23-97D4-581CAB2A24E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E23D0E3E-8095-4780-BF36-3195C164EF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A547D2E7-BDD8-4CE6-AE1C-39BDED1B3821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FBABBB05-E510-4D1F-A844-BE0090E8F2D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F622FB94-F2A5-43A2-9E7F-C9848BCF0790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DB0940A2-8A9F-44DE-9186-C0219CECC7BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B24385F6-A5A6-4B0E-957C-A0C7528FA808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.12:*:*:*:*:*:*:*",
"matchCriteriaId": "835D90BF-7D6A-43C5-A68B-18D9AA0D1922",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.13:*:*:*:*:*:*:*",
"matchCriteriaId": "13D742A5-EF0E-4973-80A3-2DE3935BDF51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.14:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5EE52D-846D-4DA1-BBD3-655609E13371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.15:*:*:*:*:*:*:*",
"matchCriteriaId": "74229EBB-66F1-4FFC-B7B4-AD0A68233D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.16:*:*:*:*:*:*:*",
"matchCriteriaId": "F07491A0-D87D-4492-B4D3-4DCF7199FFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B223501C-7027-47F8-9CAF-22D2A1B5124E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.18:*:*:*:*:*:*:*",
"matchCriteriaId": "E0680860-7D31-4032-9850-6D95B5C12ADD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8A5765-C38B-4E6A-8C68-E2F35A884D2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.20:*:*:*:*:*:*:*",
"matchCriteriaId": "AD729DFA-6175-422C-A4B8-3C8CC345E7BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.22:*:*:*:*:*:*:*",
"matchCriteriaId": "64349AE7-B6AD-45AD-8F43-86DD0C7EEDC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.23:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C94472-A4E0-4F1E-856E-55149489AA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.24:*:*:*:*:*:*:*",
"matchCriteriaId": "F0CD158A-A58D-49AB-9509-14B3F9DE88D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.25:*:*:*:*:*:*:*",
"matchCriteriaId": "54EF7617-0AC6-468F-8C8C-EC6CE31F56E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.26:*:*:*:*:*:*:*",
"matchCriteriaId": "C7744B93-BA94-4CED-A03F-827CF950290A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.27:*:*:*:*:*:*:*",
"matchCriteriaId": "530D2B8C-AA62-490F-8F19-1A017B4E4B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.23.28:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDC8E26-4589-4ADC-8E6F-FB66558E38BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C867DF6E-E595-49D8-BC73-73DD8419D445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.24.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C55F6C4-62AA-4175-96E1-AD0605F043C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:1.24.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6A4EFA-45E4-4A54-83AD-B46FA3BBCB30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.0-rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "42A61266-6C69-4422-9797-C74029194A08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.0-rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "62D57281-38DE-4487-9800-099BA0774995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45C0B800-CE86-4EE5-8528-1C8935B7E85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0779D586-9152-4A80-B279-8AE74F55359D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD0DFC01-6827-4482-AD9F-D75EBE153A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36BE5533-6628-4BA6-BBFF-0FD628B2CAD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF9CCB2-B4AC-425F-93D7-92FC604CEA92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E6687113-40F6-4FB8-8CC4-2EC6E72F2778",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDEB4C84-54FE-45D0-96B3-2AA5ACB95CD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3228097B-D1B7-4159-8219-F946BB6DC7E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2F269A-8B0D-44DE-B0F2-4EAB8E35EAD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "45AAB153-8425-496E-90C9-8B2D0D6C3923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8477E0C0-6A00-4AB1-B9C2-391AF321D14E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "091EE816-728B-4C9E-B148-B6F5C2D70617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "03503DC1-046C-4534-9F8B-B3EEC46DEEE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A87A0BE5-C19A-421A-B486-A6B06B50A47D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B6266207-66E7-4366-8B6E-932091E27360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "783CB1B9-4CDC-427E-8CE1-99170B0A3684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A8CEE0-E8A6-4852-BE41-0E8EF1DAE4D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "16B839B5-9EF6-4354-80A0-82B8E6F4BC70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC037AD-C877-4F13-9CE2-5E3BA6A37F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DCF9B562-76C0-4EC2-B41F-7ABC6031C56F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B12FEE-DA6E-45AD-BE64-486BCFF4FFA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "45C417C2-E318-415C-8FAE-62A40C7BD8C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE6B1D1-17F6-496D-ADCB-B3E0A69C7EB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "75FAA281-F509-45C5-A26D-B78D3C8AC1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "2DDC0BD3-3E90-456F-9AF1-34A9DD45DC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64C8E99D-A622-4F6E-9784-062FD17F9BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:debian:lintian:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D47724EF-B8CC-498C-B3D1-7E105F29A7C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments."
},
{
"lang": "es",
"value": "Lintian v1.23.x anterior a v1.23.28, v1.24.x anterior a v1.24.2.1, y v2.x anterior a v2.3.2 permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres del interprete de comandos (shell) en los argumentos de nombre de archivo."
}
],
"id": "CVE-2009-4015",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-02T16:30:02.407",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"source": "cve@mitre.org",
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"source": "cve@mitre.org",
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"source": "cve@mitre.org",
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38375"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38379"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-891-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=c8d01f062b3e5137cf65196760b079a855c75e00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.debian.org/?p=lintian/lintian.git%3Ba=commit%3Bh=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-1979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/37975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-891-1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…