Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : devscripts vulnerabilities (USN-1593-1)

Ubuntu Security Notice (C) 2012-2016 Canonical, Inc. / NASL script (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Raphael Geissert discovered that the debdiff.pl tool incorrectly
handled shell metacharacters. If a user or automated system were
tricked into processing a specially crafted filename, a remote
attacker could possibly execute arbitrary code. (CVE-2012-0212)

Raphael Geissert discovered that the dscverify tool incorrectly
escaped arguments to external commands. If a user or automated system
were tricked into processing specially crafted files, a remote
attacker could possibly execute arbitrary code. (CVE-2012-2240)

Raphael Geissert discovered that the dget tool incorrectly performed
input validation. If a user or automated system were tricked into
processing specially crafted files, a remote attacker could delete
arbitrary files. (CVE-2012-2241)

Raphael Geissert discovered that the dget tool incorrectly escaped
arguments to external commands. If a user or automated system were
tricked into processing specially crafted files, a remote attacker
could possibly execute arbitrary code. This issue only affected Ubuntu
10.04 LTS and Ubuntu 11.04. (CVE-2012-2242)

Jim Meyering discovered that the annotate-output tool incorrectly
handled temporary files. A local attacker could use this flaw to alter
files being processed by the annotate-output tool. On Ubuntu 11.04 and
later, this issue was mitigated by the Yama kernel symlink
restrictions. (CVE-2012-3500).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected devscripts package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 62411 ()

Bugtraq ID: 52029
55358
55564

CVE ID: CVE-2012-0212
CVE-2012-2240
CVE-2012-2241
CVE-2012-2242
CVE-2012-3500

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial