漏洞信息详情
Debian Lintian 多个代码注入漏洞
- CNNVD编号:CNNVD-201002-004
- 危害等级: 中危
- CVE编号: CVE-2009-4015
- 漏洞类型: SQL注入
- 发布时间: 2010-02-02
- 威胁类型: 远程
- 更新时间: 2010-02-04
- 厂 商: debian
- 漏洞来源: Debian
漏洞简介
Debian lintian是由Debian Project合作组织开发维护的一款软件包检查程序。
Debian Lintian文件名没有充分过滤就直接传递给部分命令作参数,远程攻击者可以借助SHELL命令集,执行任意指令。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu lintian_2.2.17ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ub untu1.1_all.deb
Debian Linux 4.0 arm
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Debian Linux 5.0 ia-64
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu lintian_1.23.46ubuntu0.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46u buntu0.1_all.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu lintian_1.24.3ubuntu0.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ub untu0.1_all.deb
Debian Linux 4.0 powerpc
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu lintian_1.23.46ubuntu0.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46u buntu0.1_all.deb
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu lintian_1.24.3ubuntu0.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ub untu0.1_all.deb
Debian Linux 4.0 m68k
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu lintian_2.2.17ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ub untu1.1_all.deb
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu lintian_1.23.16ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16u buntu2.1_all.deb
Debian Linux 5.0 alpha
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Debian Linux 5.0 ia-32
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu lintian_1.23.16ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16u buntu2.1_all.deb
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu lintian_1.23.46ubuntu0.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46u buntu0.1_all.deb
Debian Linux 5.0 s/390
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu lintian_2.2.17ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.17ub untu1.1_all.deb
Debian Linux 5.0 mipsel
Debian lintian_1.24.2.1+lenny1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.24.2. 1+lenny1_all.deb
Ubuntu Ubuntu Linux 9.04 sparc
Ubuntu lintian_2.2.5ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubu ntu1.1_all.deb
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu lintian_1.23.46ubuntu0.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.46u buntu0.1_all.deb
Ubuntu Ubuntu Linux 9.04 powerpc
Ubuntu lintian_2.2.5ubuntu1.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_2.2.5ubu ntu1.1_all.deb
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu lintian_1.23.16ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16u buntu2.1_all.deb
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu lintian_1.24.3ubuntu0.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.24.3ub untu0.1_all.deb
Debian Linux 4.0 amd64
Debian lintian_1.23.28+etch1_all.deb
http://security.debian.org/pool/updates/main/l/lintian/lintian_1.23.28 +etch1_all.deb
Ubuntu Ubuntu Linux 6.06 LTS amd64
Ubuntu lintian_1.23.16ubuntu2.1_all.deb
http://security.ubuntu.com/ubuntu/pool/main/l/lintian/lintian_1.23.16u buntu2.1_all.deb
参考网址
来源: BID
名称: 37975
链接:http://www.securityfocus.com/bid/37975
来源: UBUNTU
名称: USN-891-1
链接:http://www.ubuntu.com/usn/USN-891-1
来源: DEBIAN
名称: DSA-1979
链接:http://www.debian.org/security/2010/dsa-1979
来源: SECUNIA
名称: 38379
链接:http://secunia.com/advisories/38379
来源: SECUNIA
名称: 38375
链接:http://secunia.com/advisories/38375
来源: MLIST
名称: [debian-changes] 20100128 Accepted lintian 1.24.2.1+lenny1 (source all)
链接:http://packages.qa.debian.org/l/lintian/news/20100128T015554Z.HTML
来源: packages.debian.org
链接:http://packages.debian.org/changelogs/pool/main/l/lintian/lintian_2.3.2/changelog
来源: git.debian.org
链接:http://git.debian.org/?p=lintian/lintian.git;a=commit;h=fbe0c92b2ef7e360d13414bf40d6af5507d0c86d
来源: git.debian.org
链接:http://git.debian.org/?p=lintian/lintian.git;a=commit;h=c8d01f062b3e5137cf65196760b079a855c75e00
受影响实体
- Debian Lintian:1.23.0
- Debian Lintian:1.23.1
- Debian Lintian:1.23.2
- Debian Lintian:1.23.3
- Debian Lintian:1.23.4
补丁
暂无
评论