Vulnerability Description
debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Devscripts Devel Team | Devscripts | 2.10.0 |
Related Weaknesses (CWE)
References
- http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh
- http://secunia.com/advisories/47955Vendor Advisory
- http://secunia.com/advisories/48039Vendor Advisory
- http://ubuntu.com/usn/usn-1366-1Vendor Advisory
- http://www.debian.org/security/2012/dsa-2409
- http://www.osvdb.org/79319
- http://www.securityfocus.com/bid/52029
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73215
- http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git%3Ba=commitdiff%3Bh
- http://secunia.com/advisories/47955Vendor Advisory
- http://secunia.com/advisories/48039Vendor Advisory
- http://ubuntu.com/usn/usn-1366-1Vendor Advisory
- http://www.debian.org/security/2012/dsa-2409
- http://www.osvdb.org/79319
- http://www.securityfocus.com/bid/52029
FAQ
What is CVE-2012-0210?
CVE-2012-0210 is a vulnerability with a CVSS score of 9.3 (HIGH). debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes ...
How severe is CVE-2012-0210?
CVE-2012-0210 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0210?
Check the references section above for vendor advisories and patch information. Affected products include: Devscripts Devel Team Devscripts.