漏洞信息详情

Debian Lintian多个目录遍历漏洞

• CNNVD编号：CNNVD-201002-002
• 危害等级： 低危
  
• CVE编号： CVE-2009-4013
• 漏洞类型： 路径遍历
• 发布时间： 2010-02-02
• 威胁类型： 远程
• 更新时间： 2010-02-03
• 厂        商： debian
• 漏洞来源： Debian

漏洞简介

Debian lintian是由Debian Project合作组织开发维护的一款软件包检查程序。

Debian Lintian存在多个目录遍历漏洞。patch systems控制文件在使用前没有充分过滤，远程攻击者可以通过向量导致任意文件覆盖或者敏感信息泄露，该向量与 (1)控制区域名称，(2)控制区域值，(3)补丁系统控制文件相关。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Ubuntu Ubuntu Linux 9.10 sparc

Ubuntu lintian_2.2.17ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ub untu1.1_all.deb

Debian Linux 4.0 arm

Debian lintian_1.23.28+etch1_all.deb

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb

Debian Linux 5.0 ia-64

Debian lintian_1.24.2.1+lenny1_all.deb

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb

Ubuntu Ubuntu Linux 8.04 LTS powerpc

Ubuntu lintian_1.23.46ubuntu0.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46u buntu0.1_all.deb

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu lintian_1.24.3ubuntu0.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ub untu0.1_all.deb

Debian Linux 4.0 powerpc

Debian lintian_1.23.28+etch1_all.deb

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb

Ubuntu Ubuntu Linux 8.04 LTS sparc

Ubuntu lintian_1.23.46ubuntu0.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46u buntu0.1_all.deb

Ubuntu Ubuntu Linux 8.10 i386

Ubuntu lintian_1.24.3ubuntu0.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ub untu0.1_all.deb

Debian Linux 4.0 m68k

Debian lintian_1.23.28+etch1_all.deb

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb

Ubuntu Ubuntu Linux 9.10 powerpc

Ubuntu lintian_2.2.17ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ub untu1.1_all.deb

Ubuntu Ubuntu Linux 6.06 LTS sparc

Ubuntu lintian_1.23.16ubuntu2.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16u buntu2.1_all.deb

Debian Linux 5.0 alpha

Debian lintian_1.24.2.1+lenny1_all.deb

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb

Debian Linux 5.0 ia-32

Debian lintian_1.24.2.1+lenny1_all.deb

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb

Ubuntu Ubuntu Linux 6.06 LTS powerpc

Ubuntu lintian_1.23.16ubuntu2.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16u buntu2.1_all.deb

Ubuntu Ubuntu Linux 8.04 LTS amd64

Ubuntu lintian_1.23.46ubuntu0.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46u buntu0.1_all.deb

Debian Linux 5.0 s/390

Debian lintian_1.24.2.1+lenny1_all.deb

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb

Ubuntu Ubuntu Linux 9.10 lpia

Ubuntu lintian_2.2.17ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ub untu1.1_all.deb

Debian Linux 5.0 mipsel

Debian lintian_1.24.2.1+lenny1_all.deb

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb

Ubuntu Ubuntu Linux 9.04 sparc

Ubuntu lintian_2.2.5ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubu ntu1.1_all.deb

Ubuntu Ubuntu Linux 8.04 LTS lpia

Ubuntu lintian_1.23.46ubuntu0.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46u buntu0.1_all.deb

Ubuntu Ubuntu Linux 9.04 powerpc

Ubuntu lintian_2.2.5ubuntu1.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubu ntu1.1_all.deb

Ubuntu Ubuntu Linux 6.06 LTS i386

Ubuntu lintian_1.23.16ubuntu2.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16u buntu2.1_all.deb

Ubuntu Ubuntu Linux 8.10 lpia

Ubuntu lintian_1.24.3ubuntu0.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ub untu0.1_all.deb

Debian Linux 4.0 amd64

Debian lintian_1.23.28+etch1_all.deb

http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb

Ubuntu Ubuntu Linux 6.06 LTS amd64

Ubuntu lintian_1.23.16ubuntu2.1_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16u buntu2.1_all.deb

Debian Linux 4.0 ia-32

Debian lintian_1.23.

参考网址

来源: BID

名称: 37975

链接:http://www.securityfocus.com/bid/37975

来源: UBUNTU

名称: USN-891-1

链接:http://www.ubuntu.com/usn/USN-891-1

来源: DEBIAN

名称: DSA-1979

链接:http://www.debian.org/security/2010/dsa-1979

来源: SECUNIA

名称: 38379

链接:http://secunia.com/advisories/38379

来源: SECUNIA

名称: 38375

链接:http://secunia.com/advisories/38375

来源: MLIST

名称: [debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)

链接:http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.HTML

来源: packages.debian.org

链接:http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog

来源: git.debian.org

链接:http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d

来源: git.debian.org

链接:http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00

受影响实体

• Debian Lintian:1.23.23  
• Debian Lintian:1.23.22  
• Debian Lintian:1.23.20  
• Debian Lintian:1.23.19  
• Debian Lintian:1.23.18  

补丁

• lintian_1.24.2.1+lenny1_all
• lintian_1.24.2.1+lenny1_all
• lintian_1.24.2.1+lenny1_all
• lintian_1.24.2.1+lenny1_all
• lintian_1.23.28+etch1_all