Debian devscripts 'uscan' Input Validation Vulnerability

Medium Nessus Network Monitor Plugin ID 5175

Synopsis

The remote host is vulnerable to a remote code execution attack.

Description

The remote host is running a version of devscripts uscan that is potentially affected by a code execution vulnerability. The application runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. An attacker could exploit this flaw to execute arbitrary code on the remote host.

Solution

Upgrade to devscripts uscan 2.9.6 / 2.10.35.

See Also

http://www.debian.org/security/2009/dsa-1878

Plugin Details

Severity: Medium

ID: 5175

Family: Web Clients

Published: 2009/09/15

Modified: 2018/09/16

Dependencies: 1735, 8314

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.1

Temporal Score: 5

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux

Patch Publication Date: 2009/09/11

Vulnerability Publication Date: 2009/09/11

Reference Information

CVE: CVE-2009-2946

BID: 36227