Vulnerabilities > CVE-2004-1000 - Unspecified vulnerability in Debian Lintian 1.20.17.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
debian
nessus

Summary

lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.

Vulnerable Configurations

Part Description Count
Application
Debian
1

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-630.NASL
descriptionJeroen van Wolffelaar discovered a problem in lintian, the Debian package checker. The program removes the working directory even if it wasn
last seen2020-06-01
modified2020-06-02
plugin id16127
published2005-01-12
reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16127
titleDebian DSA-630-1 : lintian - insecure temporary directory
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-630. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(16127);
  script_version("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:18");

  script_cve_id("CVE-2004-1000");
  script_xref(name:"DSA", value:"630");

  script_name(english:"Debian DSA-630-1 : lintian - insecure temporary directory");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Jeroen van Wolffelaar discovered a problem in lintian, the Debian
package checker. The program removes the working directory even if it
wasn't created at program start, removing an unrelated file or
directory a malicious user inserted via a symlink attack."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286681"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2005/dsa-630"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the lintian package.

For the stable distribution (woody) this problem has been fixed in
version 1.20.17.1."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:lintian");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/12");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/01/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.0", prefix:"lintian", reference:"1.20.17.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");