HIGH7.5
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
ALT-PU-2018-1905-1Package update devscripts in branch sisyphus
Severity:
Closed issues (7)
HIGH7.8
Уязвимость пакета сценариев devscripts (scripts/licensecheck.pl) для операционной системы Fedora, позволяющая нарушителю выполнить произвольные shell-команды
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CHIGH7.5
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PReferences
- http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52
- http://marc.info/?l=oss-security&m=138900586911271&w=2
- http://secunia.com/advisories/56192
- http://secunia.com/advisories/56579
- http://www.debian.org/security/2014/dsa-2836
- http://www.securityfocus.com/bid/64656
- http://www.ubuntu.com/usn/USN-2084-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90107
- http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=02c6850d973e3e1246fde72edab27f03d63acc52
- http://marc.info/?l=oss-security&m=138900586911271&w=2
- http://secunia.com/advisories/56192
- http://secunia.com/advisories/56579
- http://www.debian.org/security/2014/dsa-2836
- http://www.securityfocus.com/bid/64656
- http://www.ubuntu.com/usn/USN-2084-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90107
MEDIUM6.8
The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:PReferences
- http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849
- http://osvdb.org/100855
- http://seclists.org/oss-sec/2013/q4/470
- http://seclists.org/oss-sec/2013/q4/486
- http://www.securityfocus.com/bid/64241
- https://bugzilla.redhat.com/show_bug.cgi?id=1040266
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89666
- http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git%3Ba=commitdiff%3Bh=91f05b5
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731849
- http://osvdb.org/100855
- http://seclists.org/oss-sec/2013/q4/470
- http://seclists.org/oss-sec/2013/q4/486
- http://www.securityfocus.com/bid/64241
- https://bugzilla.redhat.com/show_bug.cgi?id=1040266
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89666
HIGH8.8
An issue exists in uscan in devscripts before 2.13.19, which could let a remote malicious user execute arbitrary code via a crafted tarball.
CVSS 2.0MEDIUM 6.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:PCVSS 3.xHIGH 8.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
- http://www.openwall.com/lists/oss-security/2014/02/12/14
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325
- https://security-tracker.debian.org/tracker/CVE-2013-7325
- http://www.openwall.com/lists/oss-security/2014/02/12/14
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7325
- https://security-tracker.debian.org/tracker/CVE-2013-7325
HIGH7.8
scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html
- http://www.openwall.com/lists/oss-security/2015/08/01/7
- http://www.securityfocus.com/bid/76143
- https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
- https://bugzilla.redhat.com/show_bug.cgi?id=1249635
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html
- http://www.openwall.com/lists/oss-security/2015/08/01/7
- http://www.securityfocus.com/bid/76143
- https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
- https://bugzilla.redhat.com/show_bug.cgi?id=1249635
HIGH7.5
Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:NCVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NReferences
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html
- http://www.openwall.com/lists/oss-security/2015/08/01/7
- https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
- https://bugzilla.redhat.com/show_bug.cgi?id=1249645
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html
- http://www.openwall.com/lists/oss-security/2015/08/01/7
- https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=d8f8fa1d8e4151fa62997cb74403f97ab0d7e1a2
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
- https://bugzilla.redhat.com/show_bug.cgi?id=1249645