Debian devscripts 'uscan' Input Validation Vulnerability

Nessus Network Monitor Plugin ID 5175 (Medium)

Synopsis

The remote host is vulnerable to a remote code execution attack.

Description

The remote host is running a version of devscripts uscan that is potentially affected by a code execution vulnerability. The application runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. An attacker could exploit this flaw to execute arbitrary code on the remote host.

Solution

Upgrade to devscripts uscan 2.9.6 / 2.10.35.

See Also

http://www.debian.org/security/2009/dsa-1878

Plugin Details

Severity: Medium

ID: 5175

Family: Web Clients

Published: 9/15/2009

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux

Patch Publication Date: 9/11/2009

Vulnerability Publication Date: 9/11/2009

Reference Information

CVE: CVE-2009-2946

BID: 36227